.

Who is Data Registrar?

Data Registrar is a professional representation services company. Data Registrar provides representation services to non-resident data controllers for complying with their data controller registry obligations under the Turkish Data Privacy regulations.

Read More

What are the data controller registry obligations?

Article 16 of the Law on the Protection of Personal Data with number 6698 (the “Law”), all data controllers are obliged to register with Data Controllers Registry (the “Registry”) prior to processing personal data. Data Controllers are obliged to register before the Data Controllers’ Registry prior to processing personal data even if said controllers are not established in Turkey.

Data Registrar is able to fulfill all requirements for a Turkish resident representation services provider and assists its principals covering all statutory needs.

The Registry shall be conducted via Internet, by means of digital system called Data Registry Information System (“VERBİS”).

Data Controller Representative must be a Turkish resident real person or legal entity.

Data controllers that are not established in Turkey and processing personal data as a result of its commercial activities targeting the Turkish market and/or users, are obliged to assign a Data Controller Representative. 

Data Controller Representative will perform data controllers’ registry obligation on behalf of the data controller. At the same time, such representative is the person who will also carry out the notices and correspondences made by the Personal Data Protection Authority on behalf of the data controller.

What is the Sanction of Not Completing the Registration Until the Deadline?

The foreign-established entities that do not complete their registration at VERBIS until the 31st of December 2021 may be imposed with administrative fine amounting up to TRY 5.971.989 (app. USD 298.599) Furthermore, Turkey’s Data Protection Authority may request the related data processing activities regarding the personal data of Turkish individuals are ceased.
Read More

What are the Procedures to be

Consummated by the Foreign-Established Data Controllers?

Appointment of a Data Controller Representative

Foreign established entities processing personal data in Turkey are under the obligation to appoint a data controller representative (either a legal or a natural person), so as to comply with the registration obligation. If foreign established companies have a subsidiary in Turkey they may well assign the subsidiary as their representative.

Depending on the requirements of the jurisdiction in which the appointing entity is established, such appointment may be accomplished via the issuance of either (i) an appointment resolution, or (ii) a power of attorney.

Read More

Preparation of a Personal Data Processing Inventory

According to the local data protection regulations, the foreign-established data controllers are required to prepare a personal data processing inventory, which requires a content to a certain extent different from that of GDPR and contains at least the following information:

  • purposes of personal data processing activities
  • legal grounds of such processing activities,
  • data categories associated with the processing activities,
  • recipient groups of the processing activities,
  • data subject groups of the processing activities,
  • the maximum retention period required by the purposes of the processing,
  • personal data envisaged to be transferred abroad and
  • measures taken concerning data security.
Read More
© 2020 Data Registrar. All rights reserved.