According to the decision of the Turkish Personal Data Protection Authority ("KVKK") dated 11.03.2021 and numbered 2021/238, the deadlines for registration obligation to Data Controllers' Registry Information System ("VERBIS") have been extended.

With the relevant decision, it has been concluded that,

• For natural and legal person data controllers with more than 50 employees annually or a financial balance of more than 25 million TL annually, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.12.2021,
• For natural and legal person data controllers resident abroad, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.12.2021
• For natural and legal person data controllers with less than 50 employees annually and a financial balance of less than 25 million TL annually, and whose main activity is sensitive personal data processing, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.12.2021,
• For public institutions and organizations, the deadline for fulfilling VERBIS registration and declaration obligation to Registry to be extended to 31.12.2021,

and this decision to be announced at the website of the Authority and to be published in the Official Gazette.

We would like to emphasize that the relevant decision did not bring any changes about the compliance with the Law No. 6698 on the Protection of Personal Data ("KVKK") other than the registration deadline to VERBIS.

In order to protect the fundamental rights and freedoms of individuals, especially the privacy of individuals, natural and legal persons who process personal data are required to complete the compliance processes related to their administrative and technical obligations in processing personal data.

The Regulation on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector ("Regulation") was published in the Official Gazette dated 4.12.2020 with no. 31324. The Regulation regulated within the scope of Electronic Communications Law Numbered 5809 ("Law"), and sets forth the terms and conditions to be followed by the operators who operate in the electronic communications sector in terms of the data they obtain within the scope of providing electronic communications services, including legal person subscriptions.

The regulation covers companies that provide electronic communication services and/or provide electronic communication networks and operate their infrastructure within the framework of authorization ("Operator"). The featured statements in the Regulation are as follows:

Pursuant to duplicated Article 298 of Tax Procedure Law, revaluation rate has been published in the Official Gazette numbered 31318 and dated 28.11.2020. Revaluation rate announced in the rate of 9,11% (nine comma eleven) for 2020.

According to the rate, the administrative fines in Article 18 of the Turkish Personal Data Protection Law ("KVKK") numbered 6698 shall be imposed in 2021 as in the following amounts:

Data controllers are obliged to take the necessary technical and administrative measures to ensure data privacy and data security within the scope of both the Turkish Personal Data Protection Law No. 6698 ("KVKK") and the European Union General Data Protection Regulation ("GDPR") in Europe. These measures are not specified in a limited number, but they are stipulated to determine the need of data controllers for "necessity." This necessity differs for each activity.

In addition, the life cycle of personal data in the business activities of the organization changes over time. For example, a marketing activity or employee satisfaction activity may occur, which does not currently exist; an existing process may be terminated, the customer portfolio may expand from domestic to abroad, and private companies may be included into suppliers.