• Burak Ozdagistanli

Did You Know That Conducting A Data Protection Compliance Audit is Mandatory in Turkey?

Have you completed the data protection compliance audit within your organization yet? We ask this question because the Data Protection Law in Turkey obliges data controllers to run compliance audits.

Article 12 of the Law on Protection of Personal Data covers data controllers' data security obligations and p. 3 of Article 12 stipulates that "The data controller is obligated to carry out or have carried out necessary audits within the institution to ensure compliance with the provisions of this Law."

Therefore it is fair to say that under the current applicable law, all data controllers in Turkey (real or legal person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.) must start a compliance audit within the organization to ensure compliance with the Data Protection Law in Turkey.

Further, pursuant to Article 18 p 1 b) of the Law, non-compliance with this audit obligation is subject to an administrative fine of up to TRY 1.000.000 (EUR 250.000 approx.)

The Law allows data controllers to;

1- conduct this compliance audit themselves by using their employees or, 

2- outsource the compliance audit to third parties which specialize in data protection law.

Therefore all data controllers in Turkey must complete their data protection compliance audit as soon as possible.

10 views0 comments

Recent Posts

See All

Authors: Hatice Ekici Tağa, Burak Özdağıstanli, Sümeyye Uçar, Öykü Su Sabancı Gambling is defined as “games that are performed for profit and in which profit and loss depend on luck” in the Turkish Pe

Authors: Burak Özdagıstanli, Sümeyye Uçar, Öykü Su Sabancı The ongoing covid-19 pandemic dominated legal developments in 2021 as restrictions were maintained in order to mitigate its impact. In additi

Authors: Burak Özdagıstanli, Sümeyye Uçar, Bensu Özdemir Natural or legal persons who process personal data under the Law on Personal Data Protection with no. 6698 (“DPL”) must register to the Data Co