Protection of Personal Data In Turkiye – General Approach

About Us

We are a full-service institutional law firm with a strategic international vision, striving to deliver high quality, commercially astute legal services. Accountability, efficiency and objectivity are our main principles.

Services

We are a full-service law firm leading the intellectual property field among others, providing dispute management, advisory, transactional, prosecution, investigation, and regulatory markets law services to domestic and multinational corporations.

The primary regulation on the protection of personal data in Turkiye is the Personal Data Protection Law No. 6698 (“Law”), which came into force in 2016. Based on the European Council Data Protection Directive 95/46/EC, the Law has been influenced by the provisions of the European Union General Data Protection Regulation (“GDPR”) and its implementation is shaped by both the GDPR and the decisions of European data protection authorities. The Law adopts similar objectives and fundamental concepts as the GDPR and includes largely comparable provisions regarding the basic principles of personal data protection. However, the Law is generally more limited, regulatory in nature, and less detailed compared to the GDPR.

Developments and trends in European data protection law are monitored by the Personal Data Protection Authority (“Authority”). Additionally, while the Personal Data Protection Board (“Board”) follows global and European data protection trends through its principle decisions, it has also been officially announced that the Human Rights Action Plan and Implementation Schedule, published by the Ministry of Justice, will ensure the alignment of the Law with European standards and introduce regulations parallel to the GDPR.

The most significant step taken towards aligning the Law with GDPR standards was taken with the enactment of the Law No. 7499 on Amending the Code of Criminal Procedure and Certain Laws ("Amendment Law"), published in the Official Gazette on March 12, 2024. With the Amendment Law, important changes regarding the processing of special categories of personal data, cross-border data transfers, administrative sanctions, and appeals against administrative fines came into effect on June 1, 2024. In parallel with the Amendment Law, the Regulation on Procedures and Principles Regarding the Cross-border Transfer of Personal Data was also prepared and published in the Official Gazette on July 10, 2024, entering into force on the same date. Since the enactment of the Law, the processing of special categories of personal data and cross-border data transfers have been ongoing challenges in practice, often creating bottlenecks in implementation. However, the recent amendments have provided partial solutions to these issues, contributing to Turkiye’s efforts to align its data protection framework with European standards. The innovations introduced by the Amendment Law are examined below in more detail.

However, in terms of artificial intelligence (AI) regulations, it is not yet possible to say that there has been a concrete development or initiative. Currently, AI remains a subject that falls within the scope of the Law only under a single article (Article 11).

First published by Gün + Partners in Mar 04, 2025.

About Us

Services

Insights

Protection of Personal Data In Turkiye – General Approach

Stay Informed