I. Obligation To Protect Personal Data

Personal data is any information relating to an identified or identifiable natural person. This information may be related to the personal values of the person, his/her assets or the physical and social environment in which he/she lives. Although personal data is not a secret most of the time, real persons, as they are social beings, disclose many of their data to other real and even legal persons with whom they are in contact.

Data Controller and Data Processor Concepts

The Personal Data Protection Law is a young law that entered into force in 2016. For this reason, it can be easily said that it has taken shape in accordance with the needs of our age. The purpose of The Personal Data Protection Law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and procedures and principles to be followed by real and legal persons who process personal data. In line with this purpose, the law has made many regulations and tried to clarify the relevant concepts. The concepts of data processor and data controller are among the concepts regulated in the KVKK.

Personal Data Protection Law No. 6698 (KVKK) entered into force in 2016. The law, which aims to protect the rights and freedoms of individuals in the right way, stipulates its purpose in its first article as follows:

Data controllers are required to register with the Data Controllers Registry Information System ("VERBIS") within the scope of the Law Personal Data Protection Law No. 6698 ("Law") and the Regulation on the Registry of Data Controllers ("Regulation"). It is stated in the article 16 of the Law, "Natural or legal persons who process personal data shall register with the Data Controllers' Registry prior to the start of data processing." However, the procedures and principles regarding the obligation to register with VERBIS are determined by the Regulation.