Topic: Data protection and cybersecurity

Turkey’s Data Protection Authority (the “DPA”) and its ultimate decision-making body, the Data Protection Board (the “Board”), handed down a series of noteworthy decisions concerning financial institutions and how they processed client data during 2020.

The Turkish Data Protection Law (the “Law”) regulates the transfer of personal data outside of Turkey in detail.

Service providers who wish to use electronic messaging for commercial purposes are required to register with the Commercial Electronic Communication Management System (“CMS”, İleti Yönetim Sistemi).

In July, the CJEU gave judgment in the case known as Schrems II, a landmark data protection case about how companies can lawfully transfer personal data around the world.

The COVID-19 pandemic has transformed the way in which many businesses operate.

The Data Controllers' Registry or VERBİS is a publicly available database kept by the Data Protection Board (the “Board”), the decision-making body of the Turkish Data Protection Authority (the “DPA”). Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be recorded with VERBİS prior to processing any personal data.

Amendments to the Regulation on Commercial Communications and Commercial Electronic Messages (the “Regulation”) were published in the Official Gazette on January 4, 2020.

The COVID-19 pandemic is affecting daily life in an unprecedented way.

Personal data relating to race, ethnic origin, political opinion, philosophical belief, religion, religious sect or other belief, clothing and appearance, membership in associations, foundations or trade-unions, data concerning health, sexual life, criminal convictions and security measures, biometric and genetic data are defined as sensitive data in Turkish data protection legislation.

The Communique on the E-Commerce Trust Badge, which has been in force since June 2017, now bears fruit: The first batch of online businesses start placing the trust badge on their websites in January 2020.