Data Protection in Turkey

Data protection laws in Turkey

The main piece of legislation covering data protection in Turkey is the Law on the Protection of Personal Data No. 6698 dated April 7, 2016 (LPPD). The LPPD is primarily based on EU Directive 95/46/EC.

To date, the legislature has enacted several regulations to implement various aspects of the LPPD. The notable ones are mentioned below:

  • Regulation on the Erasure, Destruction and Anonymizing of Personal Data (published in the Official Gazette dated October 28, 2017, numbered 30224);
  • Regulation on the Working Procedures and Principles of Personal Data Protection Board (published in the Official Gazette dated November 16, 2017, numbered 30242);
  • Regulation on the Registry of Data Controllers (published in the Official Gazette dated December 30, 2017, numbered 30286);
  • Regulation on the Organization of Personal Data Protection Authority (published in the Official Gazette dated April 26, 2018, numbered 30403);
  • The CommuniquĂ© on Procedures and Principles for Compliance with the Obligation to Inform (published in the Official Gazette dated March 10, 2018, numbered 30356);
  • The CommuniquĂ© On The Principles And Procedures For The Request To Data Controller (published in the Official Gazette dated March 10, 2018, numbered 30356);
  • The Decision of Data Protection Board, dated January 31, 2018, numbered 2018/10 on Adequate Measures to be taken by Data Controllers in Processing the Special Categories of Personal Data;
  • Regulation on the Procedures and Principles on the Cross Border Personal Data Transfers (published on the Official Gazette dated July 10, 2024, numbered 32598).

Certain general laws such as the Turkish Criminal Code no. 5237 and sector specific laws such as Electronic Communications Law No. 5809 also touch upon data protection and are mentioned below when relevant.

Continue reading

  • no results

Back to top