BY ADMIN     29 MAY 2017

 

“Data Controller’s Obligation to Inform as per the Protection of Personal Data Law numbered 6698”

 

Deliveli Alp Law & Consultancy

 

Nowadays, real and legal persons process their customers’ personal data via certain ways including but not limited to their web sites or mobile applications. As a result of the increasing sensitivity towards personal data protection in Turkey, “data controllers” who are real or legal persons setting the purposes and instruments of the personal data process, and who are responsible for the establishment and management of the data recording system, must operate in compliance with the relevant legislation when processing personal data in order to avoid legal sanctions.

 

Pursuant to Article 10 of the Protection of Personal Data Law numbered 6698 (“PPDL”), data controller is obliged to inform the person whose personal data is to be processed. In this scope, data controllers shall publish their information policy on processing and protection of personal data on their websites or mobile applications or via other ways. The information policy with regard to this obligation shall include;

 

• The identity of the data controller and if any, the identity of its representative,
• Legal ground of obtaining personal data,
• Methodology of obtaining personal data,
• For what purposes personal data is being processed,
• How personal data is protected,
• How cookies are managed,
• Whether the personal data is being shared or not, if yes, with whom and for what purposes such personal data is shared,
• Rights of the person including without limitation to the right to information under the relevant legislation.

 

According to the PPDL, in addition to the obligations to inform, data controller has obligations regarding the provision of data security and registration with and informing the Data Controllers Registry. Pursuant to the obligation regarding the provision of data security, data controller is obliged to take all necessary measures for providing data safety for the purposes of storing the personal data legally and preventing the personal data from being processed and accessed unlawfully. In the event of the failure to fulfill the obligations under the PPDL, administrative fine up to 1,000,000 Turkish Liras may be imposed against the data controller; on the other hand, data controller real or legal person executives may face prison sentence as well.

 

In the light of foregoing, it is important to follow the compliance process of the PPDL in accordance with the applicable laws for the purposes of fulfilling the obligations under the PPDL fully and preventing the legal sanctions thereunder.

 

Should you have any queries, please do not hesitate to contact us.

 

Deliveli Alp Law & Consultancy

Copyright © 2017 Deliveli Alp Law & Consultancy, All rights reserved.

 

Newsletter