Amendment To The Legislation Of Personal Data Protection 03 May 2019
The Regulation on the Data Controllers Registry, The Regulation On Deletion, Removal And Anonymization Of Personal Data and the Communique On The Procedures And Principles To Be Followed For The Fulfillment Of The Obligation To Inform have entered into force after the entry into force of the Turkish Personal Data Protection Law numbered 6698. Amendments regarding these Regulations and the Communique were published on the Official Gazette dated 28 April 2019. We would like to inform you below about the recent changes in the legislation of Personal Data Protection.
THE REGULATION ON THE DATA CONTROLLERS REGISTRY:
The procedures and principles regarding the Data Controllers Registry are regulated in the Regulation on the Data Controllers Registry (‘’Regulation’’) was published in the Official Gazette dated 30 December 2017 and numbered 30286.The amendments made to the Regulation are presented below for your information;
Regarding point of contact:
1. Real Persons shall also notify their Point of Contacts (Contact Person)
According to article 4 of the Regulation, the data controllers residing in Turkey and the data controller representatives, who are residing outside of Turkey, were to assign their contact person during the application to the Registry. As a result of the amendments, the notification of the contact person is required not only for the legal entities but also for the real persons. Real persons residing in Turkey shall assign their contact person through their data controllers and real persons who are residing outside of Turkey shall assign their contact person through their data controller representative.
2. The information regarding the contact person of the Real Person Data Controller shall be processed in the Data Controllers Registry.
According to Article 4 of the Regulation, only the information regarding the contact person of the legal entity, which is residing in Turkey, should have been recorded in the Registry. Following the amendments made, on behalf of both the data controllers residing in Turkey and the data controllers residing outside of Turkey the information regarding point of contact shall be assigned to the Registry. Thus, on behalf of both real and legal persons, data controller representatives shall register to the Registry.
3. The Name of the Point of Contact in the Data Controllers Registry shall not be disclosed to the public.
According to Article 7 of the Regulation, identity and address of the controller and of his/her representative, if any, and the Registered Electronic Address shall be disclosed to the public. Pursuant to amendments made to the regulation, the name of the contact person shall not be open for public disclosure.
Regarding personal data inventory:
1. Obligation to prepare personal data processing inventory.
Pursuant to amendments made to Article 5 of the Regulation, the data controller, who is obliged to register to the Registry, will be obliged to prepare Personal Data Inventory.
2. Legal reasons should be clearly included in The Personal Data Processing Inventory1.
The content of the personal data processing inventory, which should be prepared by the data controller, is provided under article 4 of the Regulation. Accordingly, in the personal data processing inventory; The purpose of processing activity, the category of the personal data, the recipient group, the data subject group, the maximum retention period , whether or not the personal data is to be transferred abroad , the precautions taken for data security should be included in detail. With the amendment, it is regulated that the legal reasoning should be clearly included in the personal data inventory.
Obligations regarding registration:
1. The total number of employees or annual financial balance sheet criterion counts as an exemption from Registration Obligation.
Articles 15 and 16 of the Regulation regulate personal data processing activities which are not subject to the obligation to register to the VERBIS system. The Personal Data Protection Board may grant an exemption to obligation to register according to the criteria set forth in Article 16 of the Regulation. Pursuant to amendment made to the Regulation, the Personal Data Protection Board will be able to exclude the data controller from the registration and notification obligation by taking into account the total number of employees or annual financial balance sheet of the data controller.
Changes regarding registration information:
1. In case of changes in registration information, such changes should be notified by the data controller.
Pursuant to amendment made to Article 13, in case of changes in registration information, the Data Controller should inform the Personal Data Protection Boardwithin 7 (seven) days from the date on which the change has occurred via VERBIS.
THE REGULATION ON DELETION, REMOVAL AND ANONYMIZATION OF PERSONAL DATA:
Regulation No. 30224 on the Deletion, Destruction or Anonymization of Personal Data was published in the Official Gazette on 28/10/2017. Below we are providing information regarding the changes made to the relevant provisions of the Regulation.
Regarding the period of request for deletion or destruction of personal data:
1. If the data subject requests that the Personal data be deleted or destroyed pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698 dated 24/3/2016, he/she shall be subject to the periods set out under Article 12 of the Regulation.
Article 11 of the Law No. 6698 on the Turkish Personal Data Protection Law sets out the rights of the natural person (“the data subject”) whose personal data is processed. With the amendment to Article 11 of the Regulation, the right of the data subject to request the deletion or destruction of personal data from the Data Controller has been regulated. Accordingly, in the event that all the conditions of processing the personal data cease to exist, personal data shall be deleted or anonymized upon the request of the data subject. The request of the data subject shall be finalized by the data controller no later than thirty days
COMMUNIQUE ON THE PROCEDURES AND PRINCIPLES TO BE FOLLOWED FOR THE FULFILLMENT OF THE OBLIGATION TO INFORM:
The Communiqué on the Procedures and Principles to Be Followed in the Fulfillment of The Obligation to Inform No. 30356 (‘’Communique’’) was published in the Official Gazette on 10/3/2018. We would like to inform you below about the changes made to the provisions of the Communiqué
Regarding fulfillment of the obligation to inform:
1. The units that process the personal data for different purposes shall not be subject to the obligation to inform.
In the event that personal data is processed for different purposes in different units of the data controller, the provision of the obligation to inform separately for each unit by using physical or electronic media such as oral, written, voice recording, call center is repealed.
___________________
1Same amendment are made to the Regulation on Deletion, Removal and Anonymization of Personal Data.
Other News
-
19.4.2024
The Constitutional Court Decision Annulled The Regulation Envisaging Liability For Litigation Expenses Within The Scope Of Mediation In Civil Disputes
In accordance with paragraph 11 of Article 18/A of Law No. 6325 on Mediation in Civil Disputes1 ("the Code"), a party shall be held liable for the entire cost of the litigation, nothwithstanding justification at the conclusion of the proceedings, and shall not be granted power of attorney fee if he or she fails to appear for the initial session of mandatory mediation without providing an explanation.The aforementioned regulation is outlined as follows:
-
8.4.2024
E-Application" Period In Capital Markets Board Applications
With its announcement dated 5 February 2024, the Capital Markets Board ("Board") announced to the public that capital market institutions, organisations and partnerships will be able to make their applications more quickly and effectively through the e-Application System.
-
5.4.2024
The Amounts In The Pre-Conditions To Be Complied With Before The Initial Public Offering Of Shares In Several Sectors Were Decreased
The Capital Markets Board ("Board" or "CMB") decreased the financial thresholds for financial statements, especially considering the sectoral differences of the companies that submitting to the Board for initial public offering and the 12th Development Plan ("Plan") prepared by the Presidency of the Strategy and Budget Directorate.
-
15.3.2024
New Regulations Introduced With The 8th Judicial Package
The Law No. 7499 on the Amendment of the Code of Criminal Procedure and Certain Laws ("Law"), which contains amendments and new regulations known as the "8th Judicial Package", was published in the Official Gazette dated 12 March 2024 and numbered 32487. In this article, we will discuss the amendments to the Criminal Procedure Code No. 5271 (" CPC"), Turkish Criminal Code No. 5237 ("TCC"), Turkish Civil Code No. 4721 ("TCC"), Enforcement and Bankruptcy Code No. 2004 ("EBC") and Law No. 6384 on the Duties and Working Procedures and Principles of the Compensation Commission.
-
12.3.2024
Changes In The PDPL Was Published In THE Official Gazette
Law No. 7499 on Amendments to the Code of Criminal Procedure and Some Laws ("Law No. 7499") including critical amendments to the Law No. 6698 on the Personal Data Protection Law ("PDPL") was published in the Official Gazette on March 12, 2024.
-
9.2.2024
Amendments Were Made To The Regulations Based On The Occupational Health And Safety Law
In the Official Gazette dated 4 February 2024 and numbered 32450, amendments were made to some regulations issued based on the Occupational Health and Safety Law No. 6331:
-
1.2.2024
Turkish Competition Board Mergers And Acquisitions Outlook Report For 2023 Has Been Published
On January 5th, 2024, the Turkish Competition Authority has published the Report prepared by the Competition Board on Mergers, Acquisitions And Privatisation Transactions in 2023 ("Report").
-
31.1.2024
Important Principle Decision From The Advertising Board Regarding Discount Sale Advertisements
At the first meeting of the year held on January 9, 2024, the Advertising Board made an important principle decision regarding discount sale advertisements by amending the "Guideline on Advertisements Containing Price Information and Discount Sale Advertisements and Commercial Practices" in order to prevent consumer victimization through misleading advertisements and practices that lead to unfair competition in the retail trade sector.
-
17.1.2024
The Authority to Decide on Trademark Cancellation Passed to the Turkish Patent And Trademark Office!
In Article 192/1 (a) of the Industrial Property Law ("IPL") published in the Official Gazette dated 10 January 2017 and numbered 29944, the enforcement of Article 26 of the Law titled "Cancellation Cases and Cancellation Request" was postponed until seven years later, and with the Provisional Article 4 of the IPL, it was stipulated that the authority to decide on the cancellation of trademarks would be directly exercised by the Intellectual and Industrial Rights Civil Courts until 10 January 2024.
-
16.1.2024
Egemenoğlu Hukuk Bürosu / Internship Application
We are pleased to announce the opening of internship applications at Egemenoğlu Hukuk Bürosu. Legal Internship Application Deadline: March 15 Summer Internship Application Deadline: March 29 Prospective candidates are requested to submit their CVs either through our website www.egemenoglu.av.tr or by sending them to info@egemenoglu.av.tr.
-
12.1.2024
Turkish Sustainability Reporting Standards (TSRS) And Scope Of Application Of TSRSs Were Puslished In The Official Gazette
In the Official Gazette dated 29.12.2023 and numbered 32414, the Public Oversight, Accounting and Auditing Standards Authority (POA) announced the Turkish Sustainability Reporting Standards and determined the principles to be followed in sustainability reports.
-
11.1.2024
Important Regulations Which Are Effective As Of 2024 And/ Or Has Been Made Subject To Time Extension
Laws No. 5746 and No. 6550 extended the regulation on higher depreciation (showing expenses related to depreciation) and calculation rates and periods for new machines acquired for use in R&D, innovation and design activities.
-
19.12.2023
The Principles and Rules to be Applied in Retail Trade have been reorganize
With the "Regulation Amending the Regulation on Principles and Rules to be Applied in Retail Trade" prepared by the Ministry of Commerce and published in the official gazette on 14.12.2023, significant changes were made in the principles and rules of retail trade.
-
18.11.2023
Warning From The Authority On Sending Verification Codes To Customers Via Sms During Shopping
The Personal Data Protection Authority ("Authority") published a Public Announcement ("Announcement") on the Processing of Personal Data by Sending a Verification Code via SMS to the Data Subjects during Shopping in Stores.
-
14.11.2023
Communiqué Amending the Communiqué on the Procedures and Principles Regarding the Application of Article 376 of the Turkish Commercial Code No. 6102 has been published
In order to regulate the procedures and principles to be followed in cases of loss of capital or insolvency of joint stock companies, limited liability companies and limited partnership companies with capital divided into shares within the scope of Article 376 of the Turkish Commercial Code No. 6102 (Law), the Communiqué on the Procedures and Principles Regarding the Application of Article 376 of the Turkish Commercial Code No. 6102 (Communiqué) was first published in the Official Gazette dated 15/09/2018 and numbered 30536, and with the Provisional Article 1 of this Communiqué until 01/01/2023, Within the scope of Article 376 of the Law, it was stated that foreign exchange losses arising from foreign currency denominated liabilities that have not yet been fulfilled may not be taken into account in the calculations regarding capital loss or insolvency.