• Burak Ozdagistanli

REGULATION ON THE DELETION, DESTRUCTION, AND ANONYMISATION OF PERSONAL DATA WAS PUBLISHED IN THE OFF

Updated: Feb 28, 2018

Regulation On The Deletion, Destruction, And Anonymisation Of Personal Data, which is the first Regulation drafted based on the Law on Protection of Personal Data was published on October 28, 2017.

The Regulation stipulates Data Controller’s obligations as to deletion, destruction and anonymization of personal data and explains some concepts such as deleting data, destroying data and anonymizing data.

Under the Regulation data controllers which are required to enlist with the Data Controllers Registry are obliged to;

  • Create a data retention and destruction policy,

  • Delete, destroy or anonymize personal data after exhaustion of the data processing purpose,

  • Record a log of all deletion, destruction and anonymization activities for at least three years,

  • Explain methods used in deletion, destruction and anonymization of personal data,

  • Periodically delete, destroy or anonymize data within 6 months as of the exhaustion of the data processing purpose,

  • Delete, destroy or anonymize personal data upon request by data subject if data processing purposes have been exhausted within 30 days as of receiving the request,

  • Inform third parties (who received the data) of the data subject’s request.

Full English text of the Regulation can be found at:


https://www.iptechlegalblog.com/blog/regulation-on-the-deletion-destruction-and-anonymization-of-personal-data


24 views0 comments

Recent Posts

See All

For many years, the allocation and transactions of ".tr" domain names have been carried out by the Middle East Technical University (“METU”) through the Nic.TR system. With the Regulation on Internet

Turkish legislation provides that the revocation of a registered trademark is a consequence of the legal issues that occurred concerning the trademark owner. Trademark revocation initiates in case of