Sun, Nov
70 New Articles

Registering With Data Controllers’ Registry and Its Exemptions

Turkish Competition Authority to Shape the Future of Multi-Play Services in Telecommunication Industry [TTNET]

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Pursuant to the Turkish Data Protection Law which aims to provide data security, it has set some rights and obligations to specific subjects. Those subjects fall into three categories: data subject, data processor and data controller. Data subject expresses a real person whose data is processed; data controller is defined as the real or legal person that determines the objectives and tools of processing of the personal data, and is responsible for the establishment and management of a data recording system; data processor is defined as the real or legal entity that processes the personal data, with the authority bestowed by the data controller, and in the name of the data controller. Data Protection Law sets forth essential responsibilities for data controllers, as follows:

  • Obligation to inform - Data safety obligations 
  • Data Controllers’ Registry (“Registry”) 
  • Data inventory
  • Appointing either a contact person or an authorised representative based on whether the data controller is based inside or outside of Turkey to be able to reply applications made by data subjects 
  • To ensure applying decisions of the Personal Data Protection Board (“Board”) 

This memo aims to purport the responsibility of registering with Data Controllers’ Registry and its exemptions. 

Data controllers are obliged to register with the Registry through an online information system called "VERBIS". On the other hand, exemptions from registering with the Data Controller Registry have published under Board’s ruling on Official Gazzette in 2018. 

Pursuant to the Personal Data Protection Law, a fine ranging from 20,000 and 1,000,000 Turkish Liras is applied for failures to comply with registering with Registry obligation. The amount of fines are determined objectively by the Board due to importance of violation and data controller’s category. 

Data controllers are required to comply with their registration obligations according to the following schedule, depending on their categorization: 

  1. For data controllers whose number of yearly employees exceeds fifty or whose annual financial balance sum exceeds twenty-five million Turkish Liras; 01.10.2018 - 30.09.2019 
  2. For data controllers who are resident or established abroad; 01.10.2018 - 30.09.2019 
  3. For data controllers whose number of yearly employees is less than fifty and whose annual financial balance sum does not exceed twenty-five million Turkish Liras, but whose main business activity concerns the processing of special categories of personal data; 01.01.2019 - 31.02.2020 
  4. For data controllers who are public entities or public institutions; 01.04.2019 - 30.06.2020 

According to the Board's decisions in 2018, the following data controllers are exempt from the obligation to register: (i) real persons and legal entities that process personal data by nonautomatic means, on the condition that such data are part of a data-filing system, (ii) notaries operating under the Notary Law No. 1512, (iii) associations founded under the Law No. 5253 on Associations, foundations established per the Law No. 5737 on Foundations, and trade unions established under the Law No. 6356 on Trade Unions and Collective Bargaining Agreements, who only process the personal data of their own employees, enrollees, members and donors, in accordance with the applicable legislation and its purposes and within the scope of their field of activity, (iv) political parties founded in accordance with the Law No. 2820 on Political Parties, (v) attorneys who are working under the Attorneyship Law No. 1136, and (vi) certified public accountants and sworn-in public accountants operating under the Law No. 3568 on Public Accountancy and Auditing, (vii) data controllers employing less than 50 employees and with less than 25 million Turkish Liras annual balance sheet total (unless the data controller’s main business activity is processing sensitive personal data).

By Nazlı Sezer, Attorney Sezer & Utkaner Law Firm

Turkey Knowledge Partner

NAZALI offers a broad range of services in the fields of Tax, Audit, Corporate and Commercial Law, Mergers & Acquisitions, Corporate Finance, Banking, Finance and Capital Markets, Protective Legal Services and Dispute Resolution, Personal Data Protection and Privacy, Social Security and Labor Law, Occupational Health and Safety, Competition Law, Intellectual Property Law and R&D, Compliance and White-Collar Crimes, Administrative Law, Real Estate Law, Customs and Foreign Trade, Accounting and Payroll, Financial Incentives and Advisory Services and Public Administration and Compliance through its partners, associates and consultants of different seniorities who have both public and private sector experience.

What sets NAZALI apart from others is that NAZALI offers a truly comprehensive service to its clients with experts from different disciplines working collaboratively as a team under one roof enabling us to evaluate all dimensions of legal matters together with financial and technical matters.

The services that NAZALI provides to its clients include the most appropriate solution with the support of technical departments specialized in their fields. In this context, NAZALI associates are supported by NAZALI technical team and work alongside the experts in the fields of finance, social security and customs matters. NAZALI has set out with the aim of providing the most efficient and comprehensive solution for its clients by adapting to the developing conditions and happily gained the trust of its clients by never compromising the quality of service.

As conditions continuously evolve, NAZALI always aims to further itself remaining true to its motto “GROW WITH KNOWLEDGE” and has set out with the aim of providing the most efficient and comprehensive solution for its clients by adapting to the developing conditions and happily gained the trust of its clients by never compromising the quality of service.

Firm's website: http://www.nazali.com

Our Latest Issue