The Regulation on Data Controllers’ Registry, which entered into force on January 1, 2018, sets out certain requirements for data controllers.
Please be informed that you are subject to this Regulation and relevant data protection legislation if you process any personal data collected from Turkey.
Therefore, even if you do not have any physical presence in Turkey, you are required to take these steps.
You may visit our relevant post to learn about the general requirements as we will only focus on one interesting requirement at this post; the obligation to appoint a data controller representative.
This requirement, which is stipulated under Article 11 p.2 of the Regulation, is specific to data controllers with no presence (physical & legal) in Turkey. Therefore any real or legal person that collects personal data from Turkey and do not have any presence in Turkey must appoint a Data Controller Representative.
Pursuant to the relevant Article 11 the representative must have the following powers;
A) To accept notices or correspondence sent by the Board or the Authority on behalf of the Data Controller, B) To respond correctly to the requests made by the Board or Authority on behalf of the Data Controller, C) To accept and respond to data subject requests on behalf of the Data Controller and, D) To manage the Registry operations on behalf of the Data Controller.
Therefore we recommend everyone who collect personal data from Turkey to get ready to appoint a Data Controller Representative.
Comments