image
07.02.2018

TR: Does your company operate in the EU and in Turkey? Then pay attention to different data breach notification rules

After a long period the Turkish Personal Data Protection Law, numbered 6698 (TDPL) took effect on 7 April 2016 and the process of adaptation concluded on April 2018.
 

At the end of April 2018, the Turkish Data Protection Board (DPB) has announced eight decision-summaries in its official web page trying to explain some violation types and providing some references concerning administrative fines.

Although the TDPL is mostly based on the EU Data protection Directive (95/46/EC) and seems to comply with the European Data Protection Regulation (GDPR), it should be taken into consideration that still some differences exist especially in the view of practice and for its execution.

Article 12/5 TDPL states that in case of any unlawful acquisition of personal data by third parties, the data controller should notify the data subject and the Board concerning such situation as soon as possible.

At this point, it is difficult to interpret what to understand from the annotation “as soon as possible”. Neither in TDPL nor in DPB decisions there is no clear definition regarding notification periods.

Although the board evaluated in its decision that the notification to the board after 10 months and to the data subject after 17 months should be accepted as an “overdue”, they did not determine any exact period yet but also applied an administrative fine.

Similar regulation arranged in Art. 33 and 34 GDPR rules that the notification shall be made without undue delay and, where feasible, not later than 72 hours. In this respect, the definition of breach, notification periods and notification requirements to the data subjects are quite different from TDPL and can be different in practice.

Therefore, companies, which are subject to GDPR but are also operating in Turkey should consider these notification period differences.

Further information:
https://www.kvkk.gov.tr/Icerik/4214/Kurul-Kararlari#

Photo: © ilro - Fotolia

Rating: 5 (1)

© 2012 - 2019 |  2B Advice LLC - the privacy benchmark
7220 Avenida Encinas Ste 208 | Carlsbad | CA | 92011 | Phone: +1 (858) 366-9750 | Fax: +1 (212) 898 1248 | Email: sandiego@2b-advice.com
The pages do not contain any legal advice | No responsibility for the accuracy of the information. Please also notice: Privacy Notice | Legals

2B Advice GmbH Italy
|
2B Advice GmbH Germany | 2B Advice s.r.o. Slovakia United States of America | Slovakia | Germany | San Diego | Bonn | Berlin | Munich | Brezno | Verona