The Law addresses responsibilities of key actors, companies and data processing companies, as well as appropriate methods for processing and transmitting data. It introduces definitions for ‘personal data’, ‘sensitive data’, ‘data processor’, ‘data controller’ and ‘explicit consent’, among others, as well as a general prohibition on processing or storing such data without express consent from the data subject. For personal data which is already stored or begun processing before the Laws enforcement date, data processors and data controllers have two years to ensure the data complies with the new requirements.
The Law outlines a relatively similar framework to the European data protection system. However, further changes are necessary if Turkish legislation is to become completely aligned with the European Unions data protection regime.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now