Data Controller Representative (DCR) service

With the DCR Service, we offer you more scalable approach than hiring an in-house staff. The DCR outsourcing service provides compliance to business-owners by accessing to skilled and experienced professionals, in personal data protection requirements.

Organizations located outside of the Turkey which collects or processes personal data of Turkish citizens, are required to assign a local data controller representative (DCR). The representative must be a Turkish citizen, resident of Turkey or a Turkish entity. Turkey’s personal data protection legislation (TDPL) requires data controllers to notify the Turkish Data Protection Authority regarding their data processing activities. The representative must complete Data Controllers' Registry Application (VERBIS). Thus, the representative must appoint a contact person who must be a Turkish citizen residing in Turkey. The data controller representative can be the contact person who is appointed via the online VERBIS system.

6698 Numbered Turkish Personal Data Protection Law

Data Controllers' Registry

ARTICLE 16
  1. Under the supervision of the Board, Data Controllers Registry shall be kept by the Presidency in a publicly available manner.
  2. Natural or legal persons who process personal data shall register with the Data Controllers Registry prior to commencing processing. However, considering objective criteria that shall be designated by the Board such as the characteristics and the number of data to be processed, whether or not data processing is based on any law, or whether data will be transferred to third parties, the Board may set forth exemptions to the obligation to register with the Data Controllers Registry.
  3. Registry application to the Data Controllers Registry shall be made with a notification including the following matters:
    • a) Identity and address information of the data controller and of the representative thereof, if any.
    • b) The purposes for which personal data will be processed.
    • c) The group or groups of persons subject to the data and explanations regarding data categories belonging to these persons.
    • ç) Recipient or groups of recipients to whom personal data may be transferred.
    • d) Personal data which is envisaged to be transferred abroad.
    • e) Measures taken for the security of personal data.
    • f) The maximum period of time necessitated by the purposes for which personal data are processed.
  4. Changes to the information provided as per the 3rd paragraph shall be immediately reported to the Board.
  5. Other procedures and principles relating to the Data Controllers Registry shall be regulated by a regulation.
Consulting

Consulting

Our business consultants provide you with a road map, clear directions, and regular feedback on performance. Our clients rely on our knowledge and expertise on business processes and legislative support.

Read more
Outsourcing

Outsourcing

CottGroup offers a full range of payroll, accountancy, tax and administration services to manage operations and provide practical solutions to all businesses.

Read more
Technology

Technology

We provide SaaS (Software as a service) solutions to help your company automate processes, resulting in reducing paperwork, improving efficiency and saving time.

Read more
Training

Training

At CottGroup we specialise in delivering high-quality employment law training, health and safety management training and training on all aspects of people management.

Read more
This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.
x