fbpx

Data Protection Law in General

Articles -
Data Protection and Privacy Gün + Partners

On April 7, 2016, a new law on the protection of personal data came into force in Turkey: The Law on the Protection of Personal Data numbered 6698 (“Data Protection Law”). It is the first law of its kind in Turkey, specifically regulating the protection of personal data.

The Data Protection Law is a step towards harmonizing Turkish legislation with EU legislation, and it was prepared based on Directive 95/46/EC on data protection (“Data Protection Directive”). The Data Protection Law is very similar to the Data Protection Directive, but it is not a complete replica and, in relation to the Data Protection Law, some of the differences between them may be seen as deficiencies rather than improvements.

Since the enactment of the Data Protection Law:

  • The Personal Data Protection Board (“Board”) was established;
  • A number of guidelines were issued in relation to the various concepts set out in the Data Protection Law;
  • Various regulations and communiqués (that is, secondary legislation under Turkish law) were prepared by the Board and came into force in 2017 and 2018. The most notable ones among those regulations and communiqués are the following:
    • Regulation on Data Controllers’ Registry;
    • Regulation on Erasure, Destruction and Anonymization of Personal Data;
    • Regulation on Working Principles of the Data Protection Board;
    • Communiqué on the Obligation of Information.
  • The DPA issued various guidelines in order to provide insight on different matters. The most notable ones have been:
    • Guideline on Personal Data Security (Technical and Administrative Measures);
    • Guideline on Erasure, Destruction and Anonymisation of Personal Data;
    • Guideline on Preparation of the Data Inventory;
    • Guideline on Implementation of the Obligation to Inform.
  • The DPA issued data breach decisions and principal decisions; and
  • Data breach notifications have been made to the DPA and they were made public.

The DPA regularly publishes decisions and principle decisions that provides clarity to certain issues and outlines procedures for data breach incidents. We closely monitor the decisions of the DPA, as well as foreign data protection authority decisions for issues we need clarification of, and actively attend DPA workshops, or organize workshops, where practitioners and DPA experts come together to discuss the application of the Data Protection Law.

First published by Gün + Partners in Sep 18, 2020.

Stay Informed

Subscribe to stay up to date on the latest legal insights and events of your choice.

Subscribe Now