Turkey’s Law on Personal Data Protection (LPDP)
Turkey’s Law Data Protection 2016 is the first such law in the country. Previously, Turkey had no specific legislation on protecting personal data. Enacting the data protection law lasted over 35 years.
Today, according to the law on protecting the personal data of Turkey, any processing or storage of personal data without the explicit consent of the data subject is prohibited. There are also exceptions where such consent is not required.
Administrative fines for non-compliance with the Turkish data protection law amount to 3% of the net annual sales of the company.
Read below to see if you fall into a category that needs to comply with the law and how to ensure compliance.
Who must comply with the Turkey’s Law on personal protection (LPDP)
According to data protection law, there is no distinction between private corporations and public authorities. This means that the rules contained in it apply to all institutions and organizations!
This law has no territorial scope, which means that it applies to all natural and juristic persons processing data originating in Turkey. Regardless of whether those people are located in Turkey or abroad.
The Data Protection Act will apply to your business if:
- you are a person or legal entity who fully or partially processes that data through automatic or non-automatic means only for the process that is part of any data registry system established by law.
Turkey’s law on personal data protection protects you if:
- you are a person/a citizen of Turkey whose data is being processed!
How to ensure compliance with Turkey’s LPDP
In order to comply with Turkey’s LPDP, perform a check and review and ensure that:
- The owner of the data gives explicit consent to the processing of that data
- It is a situation in which it is impossible to obtain explicit consent from the owner of the data, and it is necessary to protect his life and/or physical integrity
- The legislation clearly provides for the processing of that data
- data processing is necessary to protect the legitimate interests of the data controller
- The processing of personal data is mandatory for protecting a right
- The data that is subject to processing is relevant, for concluding a contract, or for performing legal obligations
If you are a company or individual who processes personal data, it’s crucial to comply with the rules of Turkey’s Law on personal data protection. Start implementing LPDP and save yourself and your business from penalties for non-compliance!