A recent article on BBC shows that around 50% of the companies in the UK have been subject to a cyber-attack or experienced a data breach.
There is no similar statistic in Turkey, however it is not hard to estimate that Turkish companies are facing a lot of cyber-attacks resulting in breaches.
The fact that there is no statistic may be due to the insufficient level of awareness for data protection and cyber security, however it should be noted that companies in Turkey have a legal obligation to protect personal data and implement relevant security measures.
Obligations for Cyber-security and Personal Data Security in Turkey
Under the Law on Protection of Personal Data w. no. 6698, data controllers are obliged to take all necessary technical and organizational measures for providing an appropriate level of security in order to;
a) Prevent unlawful processing of personal data,
b) Prevent unlawful access to personal data and
c) Protect personal data.
Non-Compliance with Security Obligations Results in Administrative Fines
It should be noted that non-compliance with the security obligations stipulated on the Law on Protection of Personal Data may result in administrative fines of up to TRY 1.000.000 (aprox. USD 260.000) for each case of non-compliance.
Another critical point is, since the Data Protection Authority has been established and started operating, the administrative fines are not just long term concerns, they are actual risks.