The Law on Protection of Personal Data ("Data Protection
Law"), which is mainly based on Directive 95/46/EC, is
approved by the Turkish Grand National Assembly ("TGNA")
on March 24, 2016. Data Protection Law will now be sent to the
President for approval and publication. The President will have
fifteen (15) days to publish the law approved by the TGNA, unless
he has any objections that compel him to return the law to TGNA for
Once the Data Protection Law is published in the Official
Gazette it will enter into force, with the exception of certain
provisions which will become effective after the transition periods
regulated under the law.
This is the first separate and dedicated general data protection
legislation of Turkey. Data Protection Law introduces and imposes
new obligations on the data processors and data controllers
operating in Turkey. It introduces various provisions on processing
and protection of personal data and sets out the principles of
personal data processing and transfer of personal data, and brings
out new definitions to substantial terms, such as "explicit
consent" which is stated as a condition of data processing.
Data Protection Law also sets forth the conditions of processing of
personal data, which are principally obtaining data subject's
explicit consent and being required by law. Obligations on data
controllers are imposed in terms of information requirements and
providing data safety, while the Data Protection Law also sets
forth administrative fines in case of breach of certain
The Data Protection Law introduces a Personal Data Protection
Authority, which will be a new establishment in Turkey and requires
enrolment to the Data Controllers' Registry which will be
maintained publicly under the supervision of the Personal Data
Protection Board. Accordingly, natural and legal persons who
process personal data in Turkey will be registered under this
registry before processing personal data.
In that scope, classification and risk assessment, review of
existing procedures and determining the prospective actions to be
taken will be of high importance for compliance.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers The articles are extremely timely and highly applicable I often find critical information not available elsewhere As in-house counsel, Mondaqs service is of great value
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think youve read our Disclaimer).