top of page

What is the Law on the Protection of Personal Data?


Law No. 6698 on the Protection of Personal Data ("KVKK") was enacted in the Turkish Grand National Assembly on March 24, 2016 and the law was published in the Official Gazette on April 7, 2016 and entered into force.


As a result of the increase in the importance of social media in our lives, the protection of Personal Data has become an important issue in today's world, where access to and sharing of information regarding our daily life has become extremely easy.


The problems that may arise due to the unauthorized and malicious hands of personal data shared based on the trust in institutions are increasing day by day. For this reason, it is essential that institutions that process, record or manage sensitive and personal information act in accordance with this responsibility and take the necessary precautions.


The law in question; It aims to regulate the obligations of natural and legal persons who process personal data by protecting the privacy of private life, fundamental rights and freedoms of individuals and the rules and procedures to be followed by them.


The provisions of the KVKK are applied to real persons whose personal data are processed, and real persons and legal entities who process this data completely or partially automatically or by non-automatic means provided that they are part of any data recording system.

Some important definitions have been made by the law.


According to the Law;

  • Explicit consent: Consent on a specific subject, based on information and declared with free will,

  • Anonymization: Making personal data unidentified or identifiable in any way, even by matching other data, with a natural person,

  • Related person: The real person whose personal data is processed,

  • Personal data: All kinds of information related to an identified or identifiable natural person,

  • Data processor: Real or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller,

  • Data recording system: The recording system in which personal data are structured and processed according to certain criteria,

  • Data controller: Real or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system,

expresses.


As stated in article 5d of KVKK, the relevant person cannot be processed and transferred to a third party without the express consent of the person concerned. The transfer of personal data abroad is also conditional on the existence of explicit consent.


In case the reasons requiring the processing of personal data are eliminated, the personal data must be made anonymously, deleted or destroyed by the person responsible for the data, either ex officio or upon the request of the person concerned.


Within the scope of the law, everyone has the right to apply to the data controller and to learn whether their personal data is processed, to request information about them if their personal data has been processed, to learn the reason for processing this data and whether it is used in accordance with the purpose of processing.


Within the scope of the conditions stipulated in article 7 of KVKK, the person concerned has the right to request the destruction or deletion of personal data, to demand the removal of the damage if the personal data is processed illegally.

GuzelLaw.GDPR.jpg

© 2021, Güzel Law & Consulting

Disclaimer: The materials and information on this web site have been prepared by Güzel Law & Consulting  for information purposes only. Nothing herein is intended as legal advice. Visitors of this website should not act upon this information without seeking professional advice. Güzel Law & Consulting assumes no responsibility or liability in connection with the information herein.

bottom of page