According to the decision of the Personal Data Protection Authority (“KVKK”) dated 17.12.2019 numbered 2019/387, the deadline for registration obligation to Data Controllers' Registry Information System ("VERBIS") has been extended.

In Türkiye, the most significant step towards the protection of personal data is the Personal Data Protection Law (KVKK ) numbered 6698 which entered into force after its publication in the Official Gazette dated April 7, 2016. The law includes provisions that grant time period to the real persons whose data are processed and the natural and legal persons who process such data, until April 7, 2018 for conducting compliance with the law. Similarly, the European Union General Data Protection Regulation (GDPR) entered into force on May 25, 2018 and constituted an important stage in the improvements made towards protection of personal data in Europe.

In the Paragraph 5 of the Article 12 of the Turkish Personal Data Protection Law (“KVKK”) No.6698, in the event that the personal data processed is obtained by third parties by illegal means as a result of a data breach, the data controller shall inform the data subject and the Board as soon as possible. In case it is found necessary, the Board may announce the details of the breach on its website and/or in any other way that is considered appropriate.

Due to the activities on personal data processing in Türkiye, legal persons which are located abroad;

Legal persons residing abroad,

The branches of legal persons residing abroad,

The liaison offices of legal persons residing abroad

the Turkish Data Protection Board announced a decision no: 2019/225 (“Decision”) in regards with the personal data protection Law numbered 6698, as a result of the examination whether these entities are to be considered as data officers and whether there is an obligation for these entities to submit a record to the Data Responsible Register (“Registry”).