• Burak Ozdagistanli

Did You Know That Conducting A Data Protection Compliance Audit is Mandatory in Turkey?

Have you completed the data protection compliance audit within your organization yet? We ask this question because the Data Protection Law in Turkey obliges data controllers to run compliance audits.


Article 12 of the Law on Protection of Personal Data covers data controllers' data security obligations and p. 3 of Article 12 stipulates that "The data controller is obligated to carry out or have carried out necessary audits within the institution to ensure compliance with the provisions of this Law."


Therefore it is fair to say that under the current applicable law, all data controllers in Turkey (real or legal person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.) must start a compliance audit within the organization to ensure compliance with the Data Protection Law in Turkey.


Further, pursuant to Article 18 p 1 b) of the Law, non-compliance with this audit obligation is subject to an administrative fine of up to TRY 1.000.000 (EUR 250.000 approx.)


The Law allows data controllers to;

1- conduct this compliance audit themselves by using their employees or, 

2- outsource the compliance audit to third parties which specialize in data protection law.


Therefore all data controllers in Turkey must complete their data protection compliance audit as soon as possible.

10 views0 comments

Recent Posts

See All

Econsumer.gov

Authors: Hatice Ekici Tağa, Sümeyye Uçar, Bensu Özdemir Econsumer.gov is an initiative of the International Consumer Protection and Enforcement Network (“ICPEN”). ICPEN is a network of governmental or

PROTECTION OF UNREGISTERED TRADEMARKS

Authors: Hatice Ekici Tağa, Sümeyye Uçar, Bensu Özdemir The trademark is the sign which enables the goods or services of a business to be distinguished from the goods or services of other businesses.

Sweepstakes and Competitions

Authors: Hatice Ekici Tağa, Sümeyye Uçar, Bensu Özdemir Provided that they comply with the relevant legal regulations, chance-based sweepstakes and skill/information/ability-based competitions are gen