The Law on Protection of Personal Data ("Data Protection Law"), which is mainly based on Directive 95/46/EC, is approved by the Turkish Grand National Assembly ("TGNA") on March 24, 2016. Data Protection Law will now be sent to the President for approval and publication. The President will have fifteen (15) days to publish the law approved by the TGNA, unless he has any objections that compel him to return the law to TGNA for reevaluation.
Once the Data Protection Law is published in the Official Gazette it will enter into force, with the exception of certain provisions which will become effective after the transition periods regulated under the law.
This is the first separate and dedicated general data protection legislation of Turkey. Data Protection Law introduces and imposes new obligations on the data processors and data controllers operating in Turkey. It introduces various provisions on processing and protection of personal data and sets out the principles of personal data processing and transfer of personal data, and brings out new definitions to substantial terms, such as "explicit consent" which is stated as a condition of data processing. Data Protection Law also sets forth the conditions of processing of personal data, which are principally obtaining data subject's explicit consent and being required by law. Obligations on data controllers are imposed in terms of information requirements and providing data safety, while the Data Protection Law also sets forth administrative fines in case of breach of certain provisions.
The Data Protection Law introduces a Personal Data Protection Authority, which will be a new establishment in Turkey and requires enrolment to the Data Controllers' Registry which will be maintained publicly under the supervision of the Personal Data Protection Board. Accordingly, natural and legal persons who process personal data in Turkey will be registered under this registry before processing personal data.
In that scope, classification and risk assessment, review of existing procedures and determining the prospective actions to be taken will be of high importance for compliance.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.