Amendment To The Legislation Of Personal Data Protection 03 May 2019
The Regulation on the Data Controllers Registry, The Regulation On Deletion, Removal And Anonymization Of Personal Data and the Communique On The Procedures And Principles To Be Followed For The Fulfillment Of The Obligation To Inform have entered into force after the entry into force of the Turkish Personal Data Protection Law numbered 6698. Amendments regarding these Regulations and the Communique were published on the Official Gazette dated 28 April 2019. We would like to inform you below about the recent changes in the legislation of Personal Data Protection.
THE REGULATION ON THE DATA CONTROLLERS REGISTRY:
The procedures and principles regarding the Data Controllers Registry are regulated in the Regulation on the Data Controllers Registry (‘’Regulation’’) was published in the Official Gazette dated 30 December 2017 and numbered 30286.The amendments made to the Regulation are presented below for your information;
Regarding point of contact:
1. Real Persons shall also notify their Point of Contacts (Contact Person)
According to article 4 of the Regulation, the data controllers residing in Turkey and the data controller representatives, who are residing outside of Turkey, were to assign their contact person during the application to the Registry. As a result of the amendments, the notification of the contact person is required not only for the legal entities but also for the real persons. Real persons residing in Turkey shall assign their contact person through their data controllers and real persons who are residing outside of Turkey shall assign their contact person through their data controller representative.
2. The information regarding the contact person of the Real Person Data Controller shall be processed in the Data Controllers Registry.
According to Article 4 of the Regulation, only the information regarding the contact person of the legal entity, which is residing in Turkey, should have been recorded in the Registry. Following the amendments made, on behalf of both the data controllers residing in Turkey and the data controllers residing outside of Turkey the information regarding point of contact shall be assigned to the Registry. Thus, on behalf of both real and legal persons, data controller representatives shall register to the Registry.
3. The Name of the Point of Contact in the Data Controllers Registry shall not be disclosed to the public.
According to Article 7 of the Regulation, identity and address of the controller and of his/her representative, if any, and the Registered Electronic Address shall be disclosed to the public. Pursuant to amendments made to the regulation, the name of the contact person shall not be open for public disclosure.
Regarding personal data inventory:
1. Obligation to prepare personal data processing inventory.
Pursuant to amendments made to Article 5 of the Regulation, the data controller, who is obliged to register to the Registry, will be obliged to prepare Personal Data Inventory.
2. Legal reasons should be clearly included in The Personal Data Processing Inventory1.
The content of the personal data processing inventory, which should be prepared by the data controller, is provided under article 4 of the Regulation. Accordingly, in the personal data processing inventory; The purpose of processing activity, the category of the personal data, the recipient group, the data subject group, the maximum retention period , whether or not the personal data is to be transferred abroad , the precautions taken for data security should be included in detail. With the amendment, it is regulated that the legal reasoning should be clearly included in the personal data inventory.
Obligations regarding registration:
1. The total number of employees or annual financial balance sheet criterion counts as an exemption from Registration Obligation.
Articles 15 and 16 of the Regulation regulate personal data processing activities which are not subject to the obligation to register to the VERBIS system. The Personal Data Protection Board may grant an exemption to obligation to register according to the criteria set forth in Article 16 of the Regulation. Pursuant to amendment made to the Regulation, the Personal Data Protection Board will be able to exclude the data controller from the registration and notification obligation by taking into account the total number of employees or annual financial balance sheet of the data controller.
Changes regarding registration information:
1. In case of changes in registration information, such changes should be notified by the data controller.
Pursuant to amendment made to Article 13, in case of changes in registration information, the Data Controller should inform the Personal Data Protection Boardwithin 7 (seven) days from the date on which the change has occurred via VERBIS.
THE REGULATION ON DELETION, REMOVAL AND ANONYMIZATION OF PERSONAL DATA:
Regulation No. 30224 on the Deletion, Destruction or Anonymization of Personal Data was published in the Official Gazette on 28/10/2017. Below we are providing information regarding the changes made to the relevant provisions of the Regulation.
Regarding the period of request for deletion or destruction of personal data:
1. If the data subject requests that the Personal data be deleted or destroyed pursuant to Article 11 of the Turkish Personal Data Protection Law No. 6698 dated 24/3/2016, he/she shall be subject to the periods set out under Article 12 of the Regulation.
Article 11 of the Law No. 6698 on the Turkish Personal Data Protection Law sets out the rights of the natural person (“the data subject”) whose personal data is processed. With the amendment to Article 11 of the Regulation, the right of the data subject to request the deletion or destruction of personal data from the Data Controller has been regulated. Accordingly, in the event that all the conditions of processing the personal data cease to exist, personal data shall be deleted or anonymized upon the request of the data subject. The request of the data subject shall be finalized by the data controller no later than thirty days
COMMUNIQUE ON THE PROCEDURES AND PRINCIPLES TO BE FOLLOWED FOR THE FULFILLMENT OF THE OBLIGATION TO INFORM:
The Communiqué on the Procedures and Principles to Be Followed in the Fulfillment of The Obligation to Inform No. 30356 (‘’Communique’’) was published in the Official Gazette on 10/3/2018. We would like to inform you below about the changes made to the provisions of the Communiqué
Regarding fulfillment of the obligation to inform:
1. The units that process the personal data for different purposes shall not be subject to the obligation to inform.
In the event that personal data is processed for different purposes in different units of the data controller, the provision of the obligation to inform separately for each unit by using physical or electronic media such as oral, written, voice recording, call center is repealed.
___________________
1Same amendment are made to the Regulation on Deletion, Removal and Anonymization of Personal Data.
Other News
-
24.10.2025
The Obligation for the Principal and Subcontractor Employers to Jointly Participate in Mediation Has Been Annuled by the Constitutional Court
An important Constitutional Court decision has been published regarding the mediation process that an employee can apply to with a request for reinstatement after the termination of employment relations in the workplace. The Constitutional Court ruled that the provision in paragraph (15) of Article 3 of the Labor Courts Law No. 7036, which states, "In cases where there is a principal employer-subcontractor relationship, for a request for reinstatement to be submitted to a mediator, the employers must participate in the mediation talks together and their intentions must be compatible for an agreement to be reached," is unconstitutional. The decision was published in the Official Gazette dated October 17, 2025, and numbered 33050.
-
23.10.2025
The Constitutional Court Has Annulled The Provision Granting The President Authority To Restrict Foreign Exhange And Money Movements!
In its decision No. 2024/193 Merits 2025/136 Decision1 dated 17 June 2025 ("Decision"), published in the Official Gazette on 15 October 2025, the Constitutional Court ("Court") annulled Article 1 of Law No. 1567 on the Protection of the Value of the Turkish Currency ("Law"). The annulled provision had stated that: "The President is authorized to make decisions for the regulation and restriction of the export from or import into the country of currencies, securities, and bonds, and of the purchase and sale of foreign exchange, cash, securities, bonds, precious metals, precious stones, and any goods and valuables made of or containing them; as well as of commercial papers and all means and instruments used for payment, and to take decisions aimed at protecting the value of the Turkish currency."
-
21.10.2025
Seizure of Property Belonging to Persons Other than the Debtor and Protection of Legal Rights
In enforcement proceedings, the seizure of property that does not belong to the debtor but rather to third parties is a situation frequently encountered in practice that leads to significant aggrievements. Uncertainties arising from property regimes complicate ownership relations, making it difficult to accurately determine to whom the property belongs during enforcement measures. Within this framework, when seizure is imposed on property belonging to the debtor's spouse or another third party, the most important legal remedy is the ownership claim (assertion).
-
20.10.2025
Mergers and Acquisitions and the Notification Obligation within the Framework of Competition Law
Mergers and acquisitions (M&A) are at the center of the growth and restructuring strategies of companies. These transactions, serving the purpose of companies to expand both nationally and internationally to increase their market shares or to enter into new markets, not only give rise to economic and commercial consequences but also carry the potential to directly affect the competition dynamics in the relevant market. Therefore, merger and acquisition transactions may affect the competition structure in the market. In this respect, while M&A transactions create strategic opportunities, they are also among the areas carefully scrutinized by regulatory authorities to preserve competitive order.
-
17.10.2025
Important Amendment to the Organized Industrial Zones (OIZ) Implementation Regulation: Additional Time Granted To Participant
Published in the Official Gazette No. 33050, dated October 17, 2025, the "Regulation Amending the Organized Industrial Zones Implementation Regulation" introduces a new Provisional Article 13 to the existing regulation.This new provision allows OIZ participants who have not yet obtained a building permit or a workplace opening and operating license to apply for an extension period under certain conditions.
-
15.10.2025
Current Status Of The Obligation To Maintain Commercial Books In Electronic Form
1. INTRODUCTION With the Communiqué Amending the Communiqué on Keeping Commercial Books Not Related to the Accounting of the Enterprise in Electronic Form, published in the Official Gazette dated September 20, 2025 and numbered 33023 (“Amendment Communiqué”), significant amendments have been introduced to the Communiqué on Keeping Commercial Books Not Related to the Accounting of the Enterprise in Electronic Form, published in the Official Gazette dated February 14, 2025 and numbered 32813 (“Communiqué”).
-
25.9.2025
Social Security Procedures To Be Carried Out By The Employer Following A Reinstateme
Upon receiving notification of a final and binding reinstatement decision, if the employee communicates their intention to return to work within 10 business days, the employer may either reinstate the employee or refuse reinstatement by paying both the four months' idle period wages determined by the court and the compensation for non-reinstatement. As seen, the employer has two alternative courses of action in this situation; however, the procedures to be carried out before the Social Security Institution (SGK) differ in each case.
-
19.9.2025
The Court of Cassation has Ruled That The Competent Court Fot Cases Brought On The Grounds Of Volation Of The Non-Competition Clause Is The Commercial Court of First Instance
1. Introduction The duty not to compete is a type of loyalty obligation owed by the employee to the employer. The employee undertakes not to compete with the employer during the term of the employment contract as part of their loyalty obligation. However, Turkish law does not contain any legal provisions prohibiting the employee from competing with the employer after the employment contract has ended. However, the parties may freely agree that the employee will not compete with the employer after the termination of the employment contract. Articles 444-447 of the Turkish Code of Obligations also contain provisions and restrictions regarding non-competition agreements that may be established between the employee and the employer.
-
16.9.2025
Transfer Fee: Legal Characterization and Practical Application
1. Introduction The concept of a transfer fee is not directly defined in the Turkish Labor Code; its framework and legal nature in practice have largely been shaped by the decisions of the Court of Cassation (Turkey). This practice, which arises particularly in sectors with intense competition and limited skilled labor, is a type of payment that employers must carefully consider within the scope of their employment policies.
-
5.9.2025
Competition in the Labor Market: HR Practices to Avoid
The Turkish Competition Authority ("Authority"), which is entrusted with ensuring the proper functioning of markets, identifying practices that restrict competition, and imposing sanctions against infringements, operates under Law No. 4054 on the Protection of Competition ("Law") without distinction between input and output markets. Labor markets have recently emerged as one of the primary arenas in which entities compete in input markets and, with the influence of various additional dynamics, have become a market increasingly prioritized by the Authority. The Guidelines on Competition Violations in Labor Markets ("Guidelines"), adopted by the Authority on November 21, 2024, serve as an important reference for the prevention of competition infringements in labor markets. In this bulletin, in light of the Guidelines and decisions of the Competition Board ("Board") within the Authority, (i) the fundamental principles and information regarding the application of competition law to labor markets, and (ii) the main prohibited practices to be observed when competing in labor markets will be addressed.
-
29.8.2025
Does An Employee's Extended Period Of Sick Leave Grant The Employer The Right To Terminate The Emploment Contract?
In employer-employee relations, the direct impact of long-term medical reports on the status of the employment contract holds critical importance for both employees and employers. In particular, uninterrupted periods of sick leave lasting for a certain duration are regulated under Article 25/I(b) of the Labour Law as a specific provision that grants the employer the right to immediate termination for just cause and determines the rights to be granted to the employee. In this context, how the employer may exercise the right of termination for just cause following the employee's extended medical leave and the legal basis of this process should be examined in detail.
-
27.8.2025
Regulation On Direct Selling Was Published
The Regulation on Direct Selling ("Regulation"), issued by the Ministry of Trade ("Ministry") pursuant to Articles 47/A and 84 of the Consumer Protection Law No. 6502, was published in the Official Gazette dated 08.08.2025 and numbered 32980, thereby entering into force.
-
18.8.2025
SMS Verification Codes and the Personal Data Protection Board's Guideline Decision No. 2025/1072
The Personal Data Protection Board's Guideline Decision dated 10 June 2025 and numbered 2025/1072 introduces significant regulations regarding personal data processing activities conducted through SMS verification codes, which have become a widespread practice in commercial life. The decision requires significant adjustments to customer relationship management, particularly in the service and retail industries.
-
11.8.2025
Mergers And Acquisitions Of Companies Engaged In Renewable Energy Gereration
In recent years, notable developments in Turkey's electricity market have extended beyond investments aimed solely at increasing generation capacity. The sector has also come into focus through strategic investments and merger and acquisition (M&A) transactions involving companies operating in the field of renewable energy.
-
31.7.2025
Annual Leave, Severance Pay, and Notice Pay in Part - Time Employment Contracts
Part-Time Employment Contract Article 13 of the Labor Law No. 4857 defines a part-time employment contract as "a contract in which the employee's normal weekly working hours are significantly less than those of a full-time employee performing similar work."
