• Burak Ozdagistanli

Did You Know That Conducting A Data Protection Compliance Audit is Mandatory in Turkey?

Have you completed the data protection compliance audit within your organization yet? We ask this question because the Data Protection Law in Turkey obliges data controllers to run compliance audits.


Article 12 of the Law on Protection of Personal Data covers data controllers' data security obligations and p. 3 of Article 12 stipulates that "The data controller is obligated to carry out or have carried out necessary audits within the institution to ensure compliance with the provisions of this Law."


Therefore it is fair to say that under the current applicable law, all data controllers in Turkey (real or legal person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.) must start a compliance audit within the organization to ensure compliance with the Data Protection Law in Turkey.


Further, pursuant to Article 18 p 1 b) of the Law, non-compliance with this audit obligation is subject to an administrative fine of up to TRY 1.000.000 (EUR 250.000 approx.)


The Law allows data controllers to;

1- conduct this compliance audit themselves by using their employees or, 

2- outsource the compliance audit to third parties which specialize in data protection law.


Therefore all data controllers in Turkey must complete their data protection compliance audit as soon as possible.

10 views0 comments

Recent Posts

See All

Countdown For Compliance with Turkish Data Protection Law

Authors: Burak Özdagıstanli, Sümeyye Uçar, Bensu Özdemir Natural or legal persons who process personal data under the Law on Personal Data Protection with no. 6698 (“DPL”) must register to the Data Co

LOSS OF RIGHTS DUE TO REMAINING SILENT

The protection period of the registered trademark is ten years from the application date, as regulated in the Industrial Property Law numbered 6769 (“SMK”), and as long as the trademark is registered,