Two-minute recap of recent developments in Turkish Data Protection Law

January & February ’23

Turkish Data Protection Law

Reading time: 86 seconds

March 2023 – A devastating earthquake with a magnitude of 7.8 struck the southern region of Turkey on 6 February. This was followed by another strong earthquake with a 7.5 magnitude, occurring about nine hours later. Due to this disaster, we could not issue our two-minute recap for January 2023. You can find more information on the devastating earthquakes from our two-minute recap here.

In this recap, we will cover recent developments in February, as well as January. During this period, the Turkish Personal Data Protection Authority (“DPA”) made one public announcement and three data breach notifications.

Determination of statutory periods due to the earthquake

While the search-and-rescue operations in the earthquake regions continued, public institutions began to announce additional measures that they had taken. In this context, on 9 February, the DPA made a public announcement regarding the statutory periods to be considered by data controllers and data subjects regarding complaints, notices, data breach notifications, and other obligations within the scope of Turkish DP Law.

The DPA announced that the extraordinary conditions caused by the earthquake will be taken into consideration in the evaluation of the periods specified in Turkish DP Law and related secondary regulations for data subjects, data controllers, and lawyers who are (i) in the provinces where a state of emergency has been declared due to the earthquakes or (ii) in other provinces but are affected by the earthquakes.

Quick reminder: New amounts of fines for non-compliance to DP Law

The DPA announced the new amounts of administrative fines to be considered for 2023, according to the revaluation rate (i.e., 122.93%). Below you can find the new amounts of fines that the DPA has the authority to impose regarding misdemeanours for the year 2023:

Misdemeanours	Fine Amounts for 2023
Non-compliance to fulfil obligation to inform	TRY 29,852 — 597,191 (approx. EUR 1,500 — 29,860)
Non-compliance to ensure data security	TRY 89,571 — 5,971,989 (approx. EUR 4,480 — 298,600)
Non-compliance to comply with the decisions of the DPA	TRY 149,285 — 5,971,989 (approx. EUR 7,464 —298,600)
Non-compliance with the registration obligation with the Data Controllers’ Registry (VERBIS)	TRY 119,428 — 5,971,989 (approx. EUR 5,971 —298,600)

The DPA announced the following data breach notifications in January:

Data Controller	Affected Data Subjects	Affected Personal Data	Number of Data Subjects
Okko Sağlık Turizm İnşaat San. ve Tic.	Employees, Patients	Identity, Communication, Audio and Visual Records, Personnel Information and Health Data	N/A
Reon Sağlık Hizmetleri İnş. Tur. San ve Tic. (Özel Aktif Hastanesi)	Employees, Patients	Identity, Communication, Audio and Visual Records, Personnel Information and Health Data	N/A
Yalova Uzmanlar Sağlık Hizmetleri San.Paz.Tic.	Employees, Patients	Identity, Communication, Audio and Visual Records, Personnel Information and Health Data	N/A

For more information please contact Ceren Ceyhan, Associate, at cceyhan@gentemizerozer.com, and Hatice Nur Arslan, Legal Intern, at narslan@gentemizerozer.com.

All Turkish Data Protection Law

Found this interesting? Subscribe to our monthly Turkish Data Protection Law newsletter to get the latest news delivered to your inbox.

For detailed information on how we processes your personal data, please see the Clarification Text here.

JOIN NOW

JOIN NOW

January & February ’23

August ’23

July ’23

June ’23

May ’23

April ’23

March ’23

January & February ’23

December ’22

November ’22

October ’22

September ’22

August ’22

July ’22

June ’22

May ’22

April ’22

March ’22

February ’22

January ’22

December ’21

November ’21

October ’21

September ’21

August ’21

July 21′

June ’21

May ’21

April ’21

March ’21

February ’21

January ’21

Found this interesting? Subscribe to our monthly Turkish Data Protection Law newsletter to get the latest news delivered to your inbox.