Mandatory Data Protection Compliance Audits in Turkey
Have you completed the data protection compliance audit within your organization yet? We ask this question because the Data Protection Law in Turkey obliges data controllers to run compliance audits.
Article 12 of the Law on Protection of Personal Data covers data controllers' data security obligations and p. 3 of Article 12 stipulates that "The data controller is obligated to carry out or have carried out necessary audits within the institution to ensure compliance with the provisions of this Law."
Therefore it is fair to say that under the current applicable law, all data controllers in Turkey (real or legal person who determines the purposes for which and the manner in which any personal data are, or are to be, processed.) must start a compliance audit within the organization to ensure compliance with the Data Protection Law in Turkey.
Further, pursuant to Article 18 p 1 b) of the Law, non-compliance with this audit obligation is subject to an administrative fine of up to TRY 1.000.000 (EUR 250.000 approx.)
The Law allows data controllers to;
1- conduct this compliance audit themselves by using their employees or,
2- outsource the compliance audit to third parties which specialize in data protection law.
Therefore all data controllers in Turkey must complete their data protection compliance audit as soon as possible.