Following the enactment of the Law on the Protection of Personal Data numbered 6698 (“Data Protection Law”) on April 07, 2016, many organizations began reviewing their level of compliance with the Data Protection Law and initiate conducting compliance projects.
Under the Data Protection Law, companies have a transition period of two years meaning that personal data that has been processed prior to the enactment of the law must be brought in compliance with the provisions of the law within the said period.
In case such compliance is not ensured, incompliant personal data will be deleted, destroyed or anonymized. However, personal data for which the consents obtained legitimately before the enactment of the Data Protection Law from the data subjects will be held compliant with the law unless contrary statement is obtained from the data subject within one year as o the date of the law. In addition, for those data subjects’ consent that were legitimately obtained shall be deemed to be in compliance with the Data Protection Law, unless otherwise is communicated by the data subject.
Data Protection Authority (DPA) is currently being established and as the regulations that detail the application of the Data Protection Law will be published within a one-year period as of the enactment of the law, there is currently minimal guidance as to requirements that may be required for Turkey. It is currently not clear how the companies can adapt themselves to the Data Protection Law and ensure all personal data obtained will be brought in compliance or how personal data will be deleted, destroyed or anonymized. It is expected that guidelines will be prepared by the DPA.
However it must be noted that the Data Protection Law came into force as of April 07, 2016, and although certain provisions came into force after six months from its enactment, now it is fully in force therefore organisations are busy with planning compliance projects.
Data protection compliance projects do not have pure legal, technical or organizational aspects. A successful compliance project must combine the three features to ensure and maintain full compliance in the long run.
We would like to summarize in this paper the tips for companies to initiate and complete a successful compliance project: