• Home
  • eAlerts
  • Turkey: The Draft Regulation on the Erasure, Destruction or Anonymisation of Personal Data

Turkey: The Draft Regulation on the Erasure, Destruction or Anonymisation of Personal Data

Turkiye
09/06/2017
Download PDF

The draft regulation

The Draft Regulation on the Erasure, Destruction or Anonymisation of Personal Data (“Draft Regulation”) was made available by the Data Protection Board (“Board”) for public appraisal and shall be online until 12 June 2017. Any opinions and suggestions can be sent to [email protected].

The Draft Regulation was prepared based on Article 7 of the Law on Data Protection No. 6698 (“Data Protection Law”). Please click here to access the Draft Regulation. The text is in Turkish only.

Purpose and scope of the draft regulation

According to the Data Protection Law, if the reasons for which the personal data is being processed are no longer valid, the personal data shall be erased, destroyed or anonymised by the data controller ex officio or upon the request of the data subject, regardless of whether the personal data was processed in accordance with this Data Protection Law and other relevant legislation. In addition, the procedures and principles related to the erasure, destruction or anonymisation of personal data are regulated by this Draft Regulation. However, the Draft Regulation does not provide detailed procedures and principles, but instead set outs the general terms and principles.

Policy

The Draft Regulation states that data controllers have to prepare a policy with respect to data storage and its erasure and destruction, or the anonymisation process and policy is to be prepared according to the personal data processing inventory. As defined under the Draft Regulation, the personal data processing inventory refers to: (i) the manner in which data controllers process personal data, as well as the reasons for doing so; (ii) the data category; (iii) the recipient group, which it is being transferred to; (iv) and the subject of the data. Although the scope of the policy is determined under the Draft Regulation, it is drafted on a broader scale, which might lead to impediments in practice.

Punishment

The Data Protection Law states that those who fail to erase or anonymise personal data in the manner described in Article 7 of said Law shall be punished pursuant to the Turkish Criminal Code No. 5237. This means that those who do not comply with this regulation may receive a prison sentence of up to two years.

Search Filters

Advanced Search

Key contacts

Related content