The Turkish Data Protection legislation has been constantly updated in light of secondary legislation as well as decisions of the Turkish Data Protection Board. Thus controllers must follow up the changes and update their policies to comply with the law, as necessary.

The Board, in one of its recent decisions, instructed a telecommunication operator to pay attention and care since the operator requested notary certified or electronically signed document from the data subject to process the data subject's application. The method of this operator was one of the most common applications before the Communiqué on Application to Data Controllers came into force. The Communiqué provided much easier methods for data subjects' applications to the controllers.

In its decision, the Board reminded the rules stipulated under the Data Protection Law and the Communiqué and instructed the operator to pay attention to and give utmost importance for compliance with the law.

Although, the Board did not impose any fines to the operator, this publicly announced decision may be seen as a warning shot to the controllers to update their procedures in compliance with applicable laws in relation to their procedures regarding data subject rights. As 2019 is about to end and data controller registry application deadlines are close, this may be just the time for data controllers to shake up and review, and if necessary, revise their policies and procedures to comply with the law.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.