Data Protection Law was published in the Official Gazette dated
April 7th, 2016 and some of its provisions entered into force along
with its publication. Yet, the Data Protection Authority is to be
established until October 7th, 2016 and some of the most
significant provisions of the Law (including the provisions
regarding criminal acts and misdemeanours) will enter into force on
that date. Thus the "new era" will actually begin on
October 7th, 2016.
The 6-month-period between the publication of the Law and its
full entry into force has been an important timeframe for all
relevant parties that will be subject to the new law and their
consultants. Many companies in the private sector worked
extensively to adapt their business models to the new structure.
Law firms and technical consultancy firms also improved themselves
and are getting ready for the provision of comprehensive services
to their clients.
Yet, despite all these preparations no one knows exactly what to
expect since the Law only sets forth the abstract principles and a
lot is to be determined via the secondary legislation of the Data
Protection Board, and the case law to be established thereafter.
Still, this does not mean that it is not possible to design a fully
compliant business model prior to the establishment of the Board
and the publication of the relevant secondary legislation.
When the Data Protection Law is examined, it is seen that the
Law is quite similar with the EU Data Protection Directive and it
is highly probable that the Data Protection Authority to be
established in October would take into consideration the best
practices in the EU while creating its own legal framework. A
similar approach was adopted by the relevant authorities while
establishing the legal frameworks in competition law,
telecommunications law and energy law and the Turkey Progress
Reports published by the EU Commission indicate that the
legislations in Turkey are mostly harmonized with the EU.
In that respect, the most plausible strategy for now seems to be
internalizing the EU legislation whilst taking into consideration
the well-established case law of the Court of Justice of the
European Union (CJEU), European Court of Human Rights (ECtHR), data
protection authorities of the EU member states and the detailed
studies of the Article 29 Working Party. By doing so and acting in
a proactive manner, it might be possible to mitigate most of the
risks associated with the current state of legal uncertainty.
However, it should always be kept in mind that Turkey has its own
dynamics and characteristics. Thus it is vital significance to
reconcile the EU law with the Turkish law while determining the
roadmap to be followed.
It is now a critical time especially for the companies that
intensively deal with personal data to initiate compliance
programs. International firms should aim to fine-tune their global
compliance policies in accordance with the framework in Turkey
whilst domestic firms should focus on creating their own policies.
Working with international law firms and consultancy firms that are
already providing similar services in many different jurisdictions
and that possess dedicated human resources specialized in
compliance matters would bring a competitive advantage to their
clients. It is also critical to keep in mind that compliance in the
field of data protection requires a combination of legal and
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
In this article Filippo Noseda examines the impact of the Common Reporting Standards (CRS), based on practical examples of data transfer and data breaches and analysed in the light of general tax law principles.
Four years after the overhaul of European data protection laws began, the final text of the new General Data Protection Regulation (GDPR) was approved in Spring 2016 and the new rules will come into effect on 25 May 2018.
This update is dedicated to covering the latest legislative developments affecting the way data is managed and protected, as well as reporting on the most recent news governing data breaches and industry developments.
The market of the so-called "connected vehicles" has been considerably growing since 2015. According to a recent study by AlixPartners, 78 million of connected vehicles will be commercialized in 2018, generating a EUR40 billion turnover.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).