Pharmacies, doctors, dentists, dietitians must register with VERBIS

Pharmacies, dentists, medical centers, psychologists, private clinics, nursing homes, laboratories and dietitians, etc. The registration period for the Data Controller Registration Information System (VERBİS) is March 31 Filling.

According to the statement of the Consultancy in Personal Data Protection of DPC, the registry of data controllers of natural and legal persons with more than 50 employees or with an annual financial balance of more than 25 million TL, as well as controllers of data of natural and legal persons residing abroad, was completed last year.

Pharmacists, doctors, dentists, clinics, outpatients, hospitals, dietitians, psychologists, dialysis centers, rehabilitation centers, medical and optical laboratories, as well as all the companies responsible for data that operate in the health sector, whose main activity is personal data of special quality. processing, The registration period for public institutions and bodies such as chambers expires on March 31.


Opinions included in the statement DPC Personal Data Protection Consulting Senior Manager (CEO) Sefa KarcıoğluHe stated that he is in the group that processes special quality data after large companies for the VERBIS record.

Stating that the registration process in question is quite thorough, Karcıoğlu said:

“We witnessed that those who tried to get their financial advisor to go through the registration process without consulting their lawyer and information security expert for the registration process, failed to register, made erroneous notifications on legal and technical matters, and made false statements to an official The registration procedures are not the work of financial advisers, it should not be forgotten that the notifications made must be up-to-date and genuine.

It is not enough to obtain a password for the VERBIS registration, it is necessary to take the administrative and technical measures, which are listed in the law, to be able to answer hundreds of questions and register correctly.

For this reason, having the support of professionals is very important for data controllers. Administrative measures are not just three or five documents, and technical measures are not just antivirus and firewall. Companies must take technical measures by purchasing additional software and hardware when necessary to ensure data security, not rely on fixed documents for administrative action, and must edit their own operations specifically. ‘


Karcıoğlu stressed that the regulation, which will expire on March 31, is of particular concern to the group that processes people’s health data.

The group that processes health data from personal data of special quality that was not registered until that date. Administrative fines from TL 39,337 to TL 1 million 966 thousand Karcıoğlu said he will have to pay: “ The Personal Data Protection Board has imposed an administrative fine of hundreds of thousands of lira on dozens of pharmacists and doctors since 2018, alleging that technical and administrative measures were not taken.

As is clear from the Board sanctions, the VERBIS registration and notification procedures must be completed after the technical and administrative measures are taken together. If other administrative and technical measures specified in the law are not taken, more sanctions will be applied to the companies “.” Warned.

Leave a Reply

Your email address will not be published. Required fields are marked *