Open menu

Have You Completed Your VERBIS Registration?

Have You Completed Your VERBIS Registration?

The publication below may be out of date due to postponements and recent announcements. Please contact your client representative to have further information and for your queries about the recent announcements regarding your legal obligations.

There are certain periods and deadlines stipulated in the Turkish Data Protection Law (KVKK) for VERBIS registration with the decision dated 19.07.2018 and numbered 2018/88. Afterwards, these periods were extended 3 times and the deadlines were postponed for various reasons.

With the decision numbered 2018/88, the deadline for VERBIS registration was determined as 30.09.2019 for data controllers with an annual number of employees over 50 and for data controllers residing abroad.

Afterwards, with the decision numbered 2019/265, the deadline for the above-mentioned data controllers was determined as 31.12.2019; with the decision numbered 2019/387 it was extended and determined as 30.06.2020; and lastly, it was determined as 30.09.2020 with the latest decision numbered 2020/482.

The deadline which was determined as 30.09.2020 with the latest decision is not postponed and the deadline for registration has been finalized hereof.

What Are The Points To Be Considered By The Data Controllers As Of This Deadline?

The logs of the data controllers who have performed their registrations and notifications to VERBIS can be viewed publicly in the registry system (VERBIS) as of the date of their notification.

The obligations of data controllers are to always keep this logs up-to-date in line with their current status. In case of a change in their processes, data controllers must complete the updates on the data inventories and VERBIS logs within 7 days at the latest and make them available to public by notification.

Is It Possible to Perform VERBIS Registration After This Date?

Although 30.09.2020 is the deadline for the registration, data controllers can still register after this date.

As it is known, some criteria have been specified for the obligation to register with VERBIS and no registration obligation has been stipulated for data controllers who do not meet the criteria prior to this date. After this date, data controllers who meet the criteria must make a notification by registering on the first date once the criteria are met, that is, the first date of registration.

Data controllers who met the criteria before 30.09.2020, but who have not fulfilled their registration obligation can register to VERBIS after this date; whereas, in this case, liabilities may arise for these data controllers as they have not duly performed their obligations. However, the Turkish DPA has the discretionary power regarding the implementation of sanctions; thus, fulfillment of the obligation without delay is likely to have a more positive result than performing no registration at all.

In any case, it is indispensable for data controllers to fulfill this obligation as soon as possible.

Is It Possible to Delete VERBIS Registration?

VERBIS registration is kept open to the public and with the fulfillment of the obligation by notification, the information that the data controller has declared to the registry will be accessible to everyone.

In this case, although they do not meet the criteria for VERBIS registration obligation, there is no possibility for a data controller to delete himself/herself from the registry; if there is a change in the data processing activity according to his/her current status, it is required to update the registration.

Should you require any further details on the subject, you can visit our website VeriSistem® or contact your client representative via the link.

Data Controllers Start Date of Registration Obligation Period of Time Given for Registration Deadline for Registration

Natural and legal person data controllers with an annual number of employees of more than 50 or annual financial balance of more than 25 million TL

01.10.2018 24 months 30.09.2020

Natural and legal person data controllers resident abroad

01.10.2018 24 months 30.09.2020

Natural and legal person data controllers with an annual number of employees of less than 50 or annual financial balance of less than 25 million TL and whose main activity is sensitive personal data processing

01.01.2019 27 months 31.03.2021

Public institutions and organizations

01.04.2019 24 months 31.03.2021

Written by Şeyma Nur Kaplan, Posted in Personal Data Protection Law

  • Notification!

    Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

    Please consult your client representative if you are a customer of CottGroup® or consult a relevant party or an expert prior to taking any action in regards to the above content.

About The Author

Şeyma Nur Kaplan

Legal and Compliance Executive
This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.