Comparative Guides

Welcome to Mondaq Comparative Guides - your comparative global Q&A guide.

Our Comparative Guides provide an overview of some of the key points of law and practice and allow you to compare regulatory environments and laws across multiple jurisdictions.

Start by selecting your Topic of interest below. Then choose your Regions and finally refine the exact Subjects you are seeking clarity on to view detailed analysis provided by our carefully selected internationally recognised experts.

4. Results: Answers
FinTech
5.
Data security and cybersecurity
5.1
What is the applicable data protection regime in your jurisdiction and what specific implications does this have for fintech companies?
Turkey

Answer ... The main law regulating protection of personal data in Turkey is Law 6698 on Protection of Personal Data. This law is modelled on the now repealed EU Data Protection Directive (95/46/EC) and implements the European principles on data protection. The law includes no specific provisions on fintech companies or financial information, so its general provisions will apply. The main regulatory body for the protection of personal data in Turkey is the Personal Data Protection Board. The board is authorised to enforce the Law on Protection of Personal Data and issue sanctions in case of violations.

Foreign fintech service providers that process the personal data of persons residing in Turkey are also bound by the Law on Protection of Personal Data, even if they have no physical or legal presence in Turkey. For example, they must register with the Personal Data Protection Board as a data controller, and must submit a data breach notification to the board should a possible data breach affect the data of Turkish citizens which is processed by the foreign fintech company.

For more information about this answer please contact: Tuğrul Sevim from BTS & Partners
5.2
What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for fintech companies?
Turkey

Answer ... Turkey does not have a specific catch-all cybersecurity regime in place, but certain IT systems-related obligations apply to financial service providers. The most relevant for fintech companies is the Communiqué on Management and Auditing of Information Systems of Payment and Electronic Money Institutions of 27 July 2014. The communiqué sets out certain cybersecurity-related technical and administrative requirements (eg, data and system localisation requirement; obligation to supervise the cybersecurity maturity of merchants; obligation to undergo independent IT auditing) for payment and e-money institutions licensed in Turkey.

For more information about this answer please contact: Tuğrul Sevim from BTS & Partners
Contributors
Topic
FinTech