Selen IBRAHIMOGLU GURES
Attorney at Law / Managing Partner
07 October 2016
As we have examined in our previous publications, the Law No.6698 on Protection of Personal Data (“DP Law”) has entered into force on 07.04.2016 and delayed enforceability of certain provisions for compliance until 07.10.2016, which is today.
Therefore, the provisions especially for transfer of personal data abroad, information of data subject about their rights and establishment of adequate systems for such, applications to data controller and the Board by the data subject and the relevant penalties for non-compliance have become enforceable as of today.
Also today 5 out of the 9 board members that had been elected by the Parliament have been announced in the Official Gazette.
WHAT SHALL THE DATA CONTROLLER/PROCESSOR REAL PERSON OR LEGAL ENTITIES DO UNLESS THEY HAVE DONE SO FAR?
Urgently, the management should;
Subsequently, in parallel to the above actions, in order to comply with the obligations under the Law especially for provision of data security, the management should;
WHAT WILL WE FACE WITH IF WE DO NOT TAKE ANY ACTIONS?
For compliance phases;
For all the above reasons, we advise that all data controller and processor companies take necessary actions for compliance with the Law at the earliest convenience.