Whatsapp+90 532 707 51 13
Tel+90 312 426 39 95
E-mail[email protected]
Follow Us
News

Personal Data Protection in Turkey

September 16, 2024by Turk Invest

Turkish personal data protection legislation foresees certain obligations for the real and legal persons engaged in data processing activities in Turkey. It should be noted at the outset that this legislation is also applicable to foreign companies operating in Turkey, as well as their branches. One of the most important obligations of the companies in this regard is the obligation of “registering with the VERBİS system”. 

The legal framework for data protection and the obligations of the companies in this context are set with the Law on Protection of Personal Data, the Regulation on Data Controllers Registry, and the decisions of the Personal Data Protection Board.

In addition to that, the official authority to carry out the activities about data protection is “Personal Data Protection Authority

 

VERBİS System and Registry

Personal Data Protection  Law states that every entity is responsible for complying with the data protection regulation. In this context, pursuant to Article 16 of the Law, all natural and legal persons who shall process data must register with the “Data Controllers’ Registry” prior to the start of the data processing process. In this regard, a “data controller” is defined as a real or legal person that determines the objectives and tools of processing the personal data, and that is responsible for the establishment and management of a data recording system. Details of the obligations are regulated in the Regulation on Data Controllers Registry and the Communiques issued by the Personal Data Protection Authority.

This general norm is subject to an exception specified in a number of Decisions of the Personal Data Protection Board. As per the Board’s Decision dated 19.07.2018 and numbered 2018/87, real and legal person data controllers whose annual number of employees is less than 50 and whose total annual financial balance is less than 100 million Turkish Liras are exempted from the obligation to register in the Data Controllers Registry.


The Legal Position of Foreign Companies and Their Branches

In terms of the requirement to register in the Data Controllers Registry, the companies established abroad, and their branches, are treated differently, as specified by the Board in its decision numbered 2019/225. This decision has been issued in response to a request for an opinion to the Board concerning the obligation to register for the branch offices of legal persons resident abroad. According to this Decision,

Foreign companies operating in Turkey directly and/or through their branch offices are obliged to register with the Data Controllers’ Registry”;

Branch offices of foreign companies are likened to and are to be evaluated with the standards applicable to Turkish Companies. As a result, branch offices must register with the “Data Controllers’ Registry” if their employees are more than 50 and their yearly balance is more than 100.000.000TRY

Furthermore, in accordance with Article 9 of the Law on Protection of Personal Data, explicit and written consent of the data owner is needed to transfer data abroad and it must be that the country data transferred has sufficient protection. In case, there is no sufficient protection, the data controller must submit a letter of undertaking to the Personal Data Protection Authority and then, the Authority must permit the transfer of data to said country.

The registry transactions start with registering the website of the Personal Data Protection Authority. During this registration, the Companies shall designate a person responsible for managing  data in the Company (‘Representative’).

 Following the designation of the representative, the duly approved representative shall;

    • Sign up the VERBİS with its “e-devlet” information and provide a list of data classifications that are being processed by the Company,
    • Declare the details of the transfer of the personal data abroad,
    • Declare a list of precautions taken for personal data protection,
    • Declare the designated time period for storing the personal data

In conclusion, companies and  branch offices need to be assessed under the annual employee number and balance criteria.

 

Turk Invest

previous
Turkish Social Security System and Responsibilities of the Employers
next
Taxes in Turkey
TURKINVEST LLC
Headquarters
Portakal Çiçeği Rezidans Kat:9 No:43 Aziziye Mah. Pak. Sok. 06690 Çankaya/Ankara
+90 (312) 426 39 95
[email protected]
www.turkinvest.com.tr
Get in touch
Follow Us
Cep : +90 532 707 51 13
Ankara: +90 (312) 426 39 95
Our Services
TURKINVEST LLC
Headquarters
Portakal Çiçeği Rezidans Kat:9 No:43 Aziziye Mah. Pak. Sok. 06690 Çankaya/Ankara
+90 312 426 39 95
[email protected]
www.turkinvest.com.tr
Our locations
Where to find us?
Cep : +90 532 707 51 13
Ankara: +90 (312) 426 39 95
Get in touch
Follow Us
Our Services

Copyright © 2024. TURKINVEST. All rights reserved. Ankara Reklam Ajansı

Copyright © 2021 | TURKINVEST LLC. All rights reserved. Ankara Reklam Ajansı

This website has been designed and written by TURKINVEST. It is for informational purposes only and does not provide legal or commercial advice. The information contained herein may or may not reflect the most current legal developments. Please do not act or refrain from acting based on anything you read on this site without seeking professional legal counsel/support. TURKINVEST assumes no responsibility or liability in connection with the information contained in this website. Using this site or communicating with TURKINVEST through this website does not form an attorney/client relationship between us and any recipient. This site cannot be used for advertising purposes, to solicit business or for any other purpose contrary to the Professional Rules for Attorneys. All files and information on this website are the property of TURKINVEST. The intellectual property rights concerning the written materials and information contained in this website, and the logo of TURKINVEST are owned by the firm and cannot be copied, reproduced or used without the written consent of TURKINVEST.