Extension Of VERBIS Registration Deadlines Doesn't Mean KVKK Is Postponed

VERBIS (Data Controllers' Registry Information System) is a registration system where data controllers are obliged to register and declare their personal data processing activities. According to the announcement made by the Turkish Personal Data Protection Authority in November 2019, it is envisaged that the processes for VERBIS registration will be completed by 30th of June 2020. However, due to the pandemic process that affected the whole world, many companies have adopted the principles of working remotely or part-time, which made it difficult to complete the necessary preparations for the registration. Having considered these issues, the Authority stated that they made the necessary arrangements and announced that the obligation to register with VERBIS has been postponed. You can access the extended deadlines via this link.

As in the previous decisions of postponement, in the present decision of postponement, data controllers and other data subjects have thought that not only VERBIS registration obligation, but also other KVKK obligations have been postponed to the announced dates. Whereas, Law No. 6698 on the Protection of Personal Data (KVKK) entered into force in 2016, and data controllers have been given time to comply with it until 2018. In other words, all natural and legal persons who currently have the title of Data Controller are obliged to comply with KVKK. Thus, extension of VERBIS registration deadlines didn't bring any difference in terms of completing KVKK compliance.

Besides, it should also be noted that the completion of VERBIS registration alone does not mean compliance with the Law. The obligation to register with VERBIS is only one of the obligations stipulated in the law and the main purpose of this obligation is to prevent the illegal processing of personal data, illegal access to personal data and to protect the security of personal data by taking the necessary administrative and technical measures.