+90 212 244 9222

Personal Data Protection Law

23June2020

Deadlines For VERBIS Registration Have Been Extended

According to the decision of the Turkish Personal Data Protection Authority ("KVKK") dated 23.06.2020 numbered 2020/482, the deadlines for registration obligation to Data Controllers' Registry Information System ("VERBIS") have been extended.

With the relevant decision, it has been concluded that,

  • For natural and legal person data controllers with more than 50 employees annually or a financial balance of more than 25 million TL annually, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 30.09.2020,
  • For natural and legal person data controllers resident abroad, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 30.09.2020,
  • For natural and legal person data controllers with less than 50 employees annually and a financial balance of less than 25 million TL annually, and whose main activity is sensitive personal data processing, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.03.2021,
  • For public institutions and organizations the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.03.2021,

Written by Şeyma Nur Kaplan, Posted in Personal Data Protection Law

12June2020

The Deadline for VERBIS Registration is 30.06.2020

According to the Article 16 of KVKK, natural and legal persons who process personal data must register with VERBIS (Data Controllers' Registry Information System) before starting data processing.

In this regard, the deadlines determined by Turkish Data Protection Authority for registration to VERBIS as below.

Written by Kübra Özkahraman, Posted in Personal Data Protection Law

20April2020

Binding Corporate Rules

As it is known, the principles of transfer of personal data abroad are regulated in Article 9 of KVKK. According to this regulation, in transfers to countries that are not counted among adequate countries, with a commitment to be signed between the person to whom the transfer will be made and the person who will make the transfer, permission must be obtained from the Board. However, adequate countries have not yet been announced by the Authority and it is likely that it will take time to identify safe countries, as we see from the "Criteria to be Based on Determining Countries with Sufficient Protection" published by the Authority. Since the adequate countries have not yet been announced, although people go for permission from the Board, there are also some difficulties in this process. Considering these difficulties, the Authority announced the Binding Corporate Rules institution and announced the method to facilitate data transfer for multinational group of companies. In this method announced, the process of obtaining permission from the Board will be carried out, as well. However, it should be noted that although a different alternative has been presented by the Authority, the question marks in transferring abroad have still not been eliminated, since the adequate countries have not been announced yet. Besides, as we will explain below, the announcement that the application of the Binding Corporate Rules will be finalized by the Authority in 1 year and this period will likely to be extended for 6-month periods shows that this process will not be short, as well.

Written by Şeyma Nur Kaplan, Posted in Personal Data Protection Law

10April2020

Processing Location Data in Scope of COVID-19 Measures

The "Pandemic Isolation Tracking Project", which aims to observe the movements of quarantined people and regions, has been announced by the Presidency Of The Republic Of Turkey; in the announcement, it is stated that the aim of the project is to make analysis to prevent further spread of the epidemic.

In the project, which will be carried out in cooperation with the Ministry of Health, Information Technologies and Communications Authority and all GSM operators, it has been realized that the location information of the individuals will be monitored by GSM operators, which may violate personal data security and privacy.

By publishing an announcement regarding the subject on 09.04.2020, the Personal Data Protection Authority has declared that the processing of the location data by the authorized institutions and organizations in order to prevent further spread of the pandemic will be considered under the exception of the Article 28 of KVKK, as the epidemic disease threatens public safety and public order; in other words, that the Law shall not be applied for this activity.

Written by Şeyma Nur Kaplan, Posted in Personal Data Protection Law

1 2 3 4 5  >>  
This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.
x
Hizmetlerimiz devam ediyor.

Due to the Covid-19 Coronavirus pandemic to secure the health of our employees our business operations are held remotely until further notification. CottGroup® will have its business processes carried out efficiently and smoothly thanks to our BCP plans and strong technological infrastructure. As always, our customers and business partners will be able to reach us via our phones and e-mails.