• Burak Ozdagistanli

Cybersecurity and Data Protection

A recent article on BBC shows that around 50% of the companies in the UK have been subject to a cyber-attack or experienced a data breach.

There is no similar statistic in Turkey, however it is not hard to estimate that Turkish companies are facing a lot of cyber-attacks resulting in breaches.

The fact that there is no statistic may be due to the insufficient level of awareness for data protection and cyber security, however it should be noted that companies in Turkey have a legal obligation to protect personal data and implement relevant security measures.

Obligations for Cyber-security and Personal Data Security in Turkey

Under the Law on Protection of Personal Data w. no. 6698, data controllers are obliged to take all necessary technical and organizational measures for providing an appropriate level of security in order to;

a) Prevent unlawful processing of personal data,

b) Prevent unlawful access to personal data and

c) Protect personal data.

Non-Compliance with Security Obligations Results in Administrative Fines

It should be noted that non-compliance with the security obligations stipulated on the Law on Protection of Personal Data may result in administrative fines of up to TRY 1.000.000 (aprox. USD 260.000) for each case of non-compliance.

Another critical point is, since the Data Protection Authority has been established and started operating, the administrative fines are not just long term concerns, they are actual risks.


6 views0 comments

Recent Posts

See All

Authors: Hatice Ekici Tağa, Burak Özdağıstanli, Sümeyye Uçar, Öykü Su Sabancı Gambling is defined as “games that are performed for profit and in which profit and loss depend on luck” in the Turkish Pe

Authors: Burak Özdagıstanli, Sümeyye Uçar, Öykü Su Sabancı The ongoing covid-19 pandemic dominated legal developments in 2021 as restrictions were maintained in order to mitigate its impact. In additi

Authors: Burak Özdagıstanli, Sümeyye Uçar, Bensu Özdemir Natural or legal persons who process personal data under the Law on Personal Data Protection with no. 6698 (“DPL”) must register to the Data Co