You have a form on your website.
Your visitor enters their name, phone number, and email address.
You collect this information, perhaps transfer it to your CRM system, or include it in a campaign.
But there’s a small detail missing: The user doesn’t know why they’re providing this information.
What’s it for? Who stores it? When will it be deleted? Which system will it be processed in?
No explanation.
This is where KVKK comes into play.
This issue, which we call the obligation to inform, is one of the most frequently violated and “minor” but problems with major consequences by websites.
In this article, we discuss what the lack of a disclosure text means, why it is mandatory, how it can turn into a criminal process, and of course how we manage this risk with the Consent, Cookie and Privacy Compliance Management Model that we developed as a solution.
What is the Lighting Obligation? Why Is It So Critical?
Article 10 of the Personal Data Protection Law is very clear:
“The data controller is obliged to inform the relevant persons during the collection of personal data.”
So, the moment someone gives you their name, email address, phone number or IP information, you must inform them.
Clear, simple, direct.
Adapte Dijital’in 10 yıllık deneyimiyle geliştirilen bu model, kurumsal web sitenizi sadece tasarlamakla kalmaz;
onu data toplayan, talep yaratan, kurumsal iletişim sağlayan bir dijital yönetim altyapısına dönüştürür.
Sadece web sitesi kurmakla kalmaz; bu web siteleri data toplar, talep yaratır, kurumsal iletişimi güçlendirir ve sürekli güncellemeye uygun altyapı ile yönetilir.
What should the information include?
- What data is collected?
- For what purpose is it collected?
- Who processes it?
- How long is it stored?
- On which systems is it processed?
- How can the relevant person exercise his/her rights?
And this information should be provided before the data is collected.
Not with an e-mail sent afterwards.
A PDF link added to the bottom of the form is not sufficient either.
It should be presented in a clearly visible, understandable and approvable manner.
Why is there a deficiency? dangerous?
Because you are receiving data from the user but not informing them.
This is considered unconscious data processing within the scope of the KVKK and is directly subject to administrative sanctions.
In short:
🛑 If there is no information, there is no legal contract.
📄 If there is no approval box, you cannot use that data.
The Most Common Mistake: “Adding a Form Is Considered Enough”
Many companies continue to collect data with contact, application, offer or membership forms.
But these forms have neither an information text nor a checkbox.
Visitors don’t know this:
- What information you provide and why
- What to do
- Who keeps your data
Why is it so common?
Because most forms:
- Technically created by the web designer
- Marketing team focuses only on its function
- No legal or data security involved
The result?
A digital structure that looks nice but has no legal basis.
And once this structure is recognized, the process proceeds as follows:
Adapte Dijital’in 10 yıllık deneyimiyle geliştirilen bu model, kurumsal web sitenizi kurumunuzu/markanızı anlatan, tanıtan, güven yaratan, talep oluşturan bir dijital yönetim platformuna dönüştürür.
Adapte Dijital, bu modelde bir konumlandırma ajansı olarak çalışır. Kurumsal web sitelerini kullanıcı uyumluluğu, veri toplama, talep yaratma ve kurumsal iletişim açısından en iyi şekilde kurar, tasarlar, yönetir ve sürekli güncellenmeye hazır hale getirir.
- Visitor complains
- Institution starts audit
- Missing elements in the form are documented
- Criminal process begins
- All data used retroactively are also subject to audit
Don’t say “Nothing will happen”
Systems that are silent today will be activated tomorrow with a complaint.
And KVKK penalties are applied with direct sanctions, not with prior warnings.
How Does the Penalty Process Work? How Does a “Deficiency” Turn into an “Investigation”?
When a complaint is received or an audit is conducted, KVKK asks the following questions:
- How did you inform the user during this data collection process?
- Where was the disclosure text published?
- When and how was the approval obtained?
- Did you register it?
- Was the submit button working without the user giving approval?
If you cannot answer these questions, the process will be considered a “violation”.
How much are the fines?
As of 2024, the fine for not fulfilling the disclosure obligation It can go up to 100,000 TL.
This is just for one form.
If there is more than one field, the penalties are cumulative.
Retrospective risk?
Yes.
If the user information was transferred to the CRM, added to the mailing list or used in marketing systems;
these processes are also included in the violation.
In other words, they do not only inspect the form, but the entire chain opened by the form.
A Real Life Example: Small Neglect, Big Result
A consulting company created a form on their website to register for free training.
The form had a simple design.
Name, surname, email, phone, and a “send” button.
But there were three missing elements:
- There was no disclosure text
- There was no explicit consent box
- No approval was required for form submission
A user became suspicious after registering and filed a complaint.
KVKK stepped in. The company failed to document the process and also failed to explain how the data used was processed.
Result:
- 65,000 TL administrative fine
- Deletion of all mailing lists
- Restructuring of relevant areas of the website
- In-house digital training obligation
What Happens When User Rights Are Used Retroactively?
Data may have been collected without informing.
The user may have filled out this form a year ago.
But according to the KVKK, that user always has the following rights:
- Learning which data is processed
- Stop processing or request deletion
- Learn who your data is shared with
- Withdraw consent
What happens when consent is withdrawn?
- All data must be deleted
- Must be removed from marketing systems
- This request by the user must be documented
- If necessary, third parties must be instructed to “delete data”
📌 If the system is not designed to meet these requests, it leaves your organization at legal risk.
Consent is not a one-time thing. It can be revoked at any time.
This requires data systems to be dynamic and documentable.You can review our Permission, Cookie and Privacy Compliance Management Model that we have developed to make your website legal and reliable.
Clarification is Not a Text, It is a System
Clarification text is generally perceived as follows:
“Let’s put a page on our website, write ‘KVKK Information Text’ at the beginning, and the issue will be resolved.”
But this approach does not meet the essence of the law.
Why is it not enough?
Because the law requires you to not only provide information, but also to provide it at the right time, in the right place and in an approved manner.
The text is only the textual dimension of the legal obligation.
The main thing is to place this text in the process.
That is:
- Should be presented visibly just below the form
- Should be presented to the user with a confirmation box
- The form should not be sent without checking this box
- The consent and information relationship should be recorded
Lighting = technical + legal + design compliance
A real lighting system;
- Web design
- Background logging
- Confirmation screens
- Text content
- And process management
It consists of its components.
That’s exactly why legal compliance can be achieved not just by writing text, but by establishing a model.
To see the effect of a compatible system on a site, take a look at our Motto Plus example.
How to Set Up This System? Where to Start?
Basic steps to follow to systematize the lighting process:
1. Form Map is Created
All data-collecting forms on your website are determined.
Contact, membership, offer, application, popup, etc.
2. Lighting Scenario Prepared for Each Form
- What data is collected?
- For what purpose?
- In which system is it stored?
- For how long?
- For what legal reason
A simplified text is prepared based on the answers given to these questions.
3. Consent Boxes and Link Integration are Done
It is made visible by giving a link to the text under the form.
It is made to work with the “I Approve” box.
4. Logging Infrastructure is Established
The user’s viewing and approval of the text is logged with IP, date-time and form information.
This record becomes available for KVKK inspection.
5. Document Package is Created
The entire process is documented with screenshots and dates.
Separate records are created for each form.
How is this entire process managed with our model?
The Consent, Cookie and Privacy Compliance Management Model that we developed as Adapte Dijital, does not only approach this process as a consultancy, but also as a system. takes.
1. Preparation of the Information Text
Together with our legal advisors, we prepare simple and understandable texts specific to your sector.
2. Technical Integration
We set up box and link systems in accordance with your form infrastructure (WordPress, Elementor, WPForms, Contact Form 7 etc.).
3. Approval Requirement
Forms are rendered inoperable without checking the box.
All fields are arranged based on user consent.
4. Consent Records Are Logged
Each user approval is integrated into the log recording system.
It is stored with IP, time and form information.
5. Document and Training Support
We document the structure we have prepared and deliver it to you.
We enable your internal teams to manage the process.
Thanks to this model, your disclosure obligation is not only fulfilled, but also made auditable, sustainable and user-friendly.
We have developed You can review our Consent, Cookie and Privacy Compliance Management Model.
Conclusion: Don’t Let the Cost of a Minor Neglect Be Great
Lack of lighting is often seen as a minor detail.
But this detail can be punished both with is directly related to user trust.
Remember:
- User data = legal liability
- Disclosure = digital integrity
- Approved system = brand reputation
With the Permission, Cookie and Privacy Compliance Management Model, you can resolve these processes not individually but as a whole.
What Changes When the Lighting Process is Established Properly?
Putting text under a form or adding a box seems like a small touch.
However, with the system established in the background, these small changes create a big digital leap.
When the lighting process is established correctly, your business:
- Has a legal firewall
- Does not just collect data, documents it
- Establishes a transparent relationship with the user
- Does not panic during audits, but is prepared
- Conducts marketing activities with peace of mind
Each of these is essential not only to avoid penalties but also to build institutional trust.
To see the effect of the compatible system on the site, take a look at our Motto Plus example.
What the Model Brings to Businesses
The Consent, Cookie and Privacy Compliance Management Model not only provides compliance to organizations, but also offers clear and measurable gains in the following areas:
1. Legal Assurance
All data collection points (forms, cookies, automations) are brought into compliance with KVKK.
All user permissions are recorded thanks to log systems.
Your corporate web infrastructure is now fully equipped against audits.
📌 Every form, every consent, every piece of data is taken under control within a secure system.
2. Customer Trust
You become a “transparent” and “relevant” institution in the eyes of your visitors.
Sharing what you do clearly in forms shows that you value the user.
This increases both form conversion rates and brand loyalty.
📈 The perception of “it’s not clear what they do” is replaced by the perception of “they work professionally.”
3. Efficient Marketing
Now you only communicate with authorized data.
This way, your email campaigns will not end up in the spam folder, the complaint rate will decrease, and conversion will increase.
In addition, your marketing infrastructure will not face the risk of being shut down.
🎯 Permitted data = legal protection + high performance.
4. Systematic Digital Infrastructure
Everything is recorded.
Every form is structured.
Every cookie can be managed.
The entire system is documented.
So now you have not only a legal but also a professional digital infrastructure.
Before – After: A Real Transformation
Before:
- Forms collect data but it’s not clear why
- No fields are logged
- User permission is not available
- Texts are copy-pasted, links do not work
- No documents to prepare if audit comes
After (After Model Setup):
- Sector-specific information text on each form
- Explicit consent boxes are mandatory and active
- Form cannot be sent without user approval
- All records integrated into the log system
- Audit folder ready, internal communication organized
- Marketing infrastructure strong and secure
This difference means a leap not only in terms of KVKK but also in terms of institutional maturity.
It’s Not Just Compatibility, It’s A Reputation Model
In today’s digital world, users are not just looking for products or services.
They also want to connect with institutions that value them, protect their data, and offer trust.
So;
- Transparent wins
- Open wins trust
- Trust-giving wins loyalty
The Permission, Cookie and Privacy Compliance Management Model was designed exactly in this direction.
It provides you with not only KVKK compliance, but also trust, visibility and sustainability in the digital world.
Conclusion: Major Corporate Transformation Starting with Small Texts
The information text is not just a legal document.
It shows you how your business is entering the digital world. It is a mirror that shows how much you look at the user, how much you respect the user and how professionally you manage the process.
And how you look in this mirror makes a difference now.
With this model we developed as Adapte Digital:
- It makes your website ready for auditing
- It creates a legal security shield by logging all your data processes
- We make your communication infrastructure sustainable and effective
You can review our Permission, Cookie and Privacy Compliance Management Model that we developed to make your website legal and reliable.
📞 If you are ready, we can start with you.
Let’s analyze your website, identify risks, and create a solution roadmap together.
