Data Protection Law
The Law on the Protection of Personal Data (Data Protection Law in shortly DPL) was published in the Official Gazette on April 7, 2016 as the law numbered 6698 in Turkey. After the preparation and transition period foreseen for 2 years, DPL has been applied in Turkey since 7 April 2018 and businesses are subject to this law.
Personal Data is any information relating to an identified or identifiable natural person. Personal data security must be ensured within a business.
Processing of personal data is obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, of personal data fully or partially automatically or non-automatically provided that it is a part of any data recording system, means all kinds of operations performed on data such as classification or prevention of use.
Data controller refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system. Therefore, if a business is processing any personal data (for example, processing personal data of its employees, etc.), the business should act in accordance with the law.
DPL imposes certain obligations on data controllers. If we briefly express these obligations;
- Obligation to comply with data processing condi
- Obligation to inform
- Obligation to ensure data security
- Obligation to prepare a keeping and disposal policy
- Obligation to register with Verbis
- Obligation to comply with general principles
- Obligation to comply with Board decisions
- Obligation to evaluate the requests of the data subject