Skip to main content

Turkey moves to establish new data protection law

Turkey moves to establish new data protection law

Turkey has recently taken steps to harmonise its data protection laws with EU regulations. A draft law was submitted to the Turkish parliament in late December that, once passed, will impose new constraints on business in all sectors. 

Restrictions on the processing of personal data (defined as any type of information relating to an identified or identifiable individual) are currently handled via a combination of Turkey’s Civil Code, Criminal Code, specific legislation in the banking, insurance and financial services sectors, and the 2012 Electronic Communications Regulation which governs the processing of data by telecoms operators. 

The law’s fundamental principles

The draft law contains a series of fundamental principles that apply to the processing of personal data, namely that it must be processed fairly and lawfully, kept accurate and as up-to-date as necessary, be processed for specific purposes and kept no longer than necessary. 

Processing is only permitted with the express consent of the subject, where the data has been made public by that individual, where the processing is expressly contemplated by law or where it is necessary to protect the life or physical integrity of an individual whose consent cannot be physically or legally obtained.

For more details on the draft law, including the obligations of the data controller, the rights of the data subject, the rules on transferring personal data to third parties and the scope of potential legal sanctions for violations of the law, read this briefing from Paksoy, one of our StrongerTogether relationship firms in Turkey.