• Burak Özdağıstanli

REGULATION ON THE DELETION, DESTRUCTION, AND ANONYMISATION OF PERSONAL DATA WAS PUBLISHED IN THE OFF

Updated: Feb 28, 2018

Regulation On The Deletion, Destruction, And Anonymisation Of Personal Data, which is the first Regulation drafted based on the Law on Protection of Personal Data was published on October 28, 2017.

The Regulation stipulates Data Controller’s obligations as to deletion, destruction and anonymization of personal data and explains some concepts such as deleting data, destroying data and anonymizing data.

Under the Regulation data controllers which are required to enlist with the Data Controllers Registry are obliged to;

  • Create a data retention and destruction policy,

  • Delete, destroy or anonymize personal data after exhaustion of the data processing purpose,

  • Record a log of all deletion, destruction and anonymization activities for at least three years,

  • Explain methods used in deletion, destruction and anonymization of personal data,

  • Periodically delete, destroy or anonymize data within 6 months as of the exhaustion of the data processing purpose,

  • Delete, destroy or anonymize personal data upon request by data subject if data processing purposes have been exhausted within 30 days as of receiving the request,

  • Inform third parties (who received the data) of the data subject’s request.

Full English text of the Regulation can be found at:


https://www.iptechlegalblog.com/blog/regulation-on-the-deletion-destruction-and-anonymization-of-personal-data


SIGN UP AND STAY UPDATED!

© 2018 Ozdagistanli Ekici Attorney Partnership.

www.ozdagistanliekici.com​  info@iptech-legal.com

Palladium Office Building Barbaros Mah Halk Cd. No: 8/A K: 2 Atasehir Istanbul

  • Grey LinkedIn Icon
  • Grey Facebook Icon
  • Grey Google Places Icon
  • Grey YouTube Icon
  • Grey Google+ Icon
  • LinkedIn Social Icon
  • Facebook Social Icon
  • Google Places Social Icon
  • YouTube Social  Icon
  • Google+ Social Icon