With the Personal Data Protection Law (“Law”), many regulations and obligations regarding the processing of personal data have been faced by data controllers and data processors since 2016. It is aimed to protect all personal data collected, stored, modified, transferred to domestic or foreign sources, deleted, modified, that is, briefly processed under certain conditions by the regulations in the Law.
Pursuant to Article 2 of the Law; the provisions shall apply to natural persons whose personal data are processed and to natural or legal persons processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system.
Data controllers are expected to fulfill the procedures and principles specified in the Law, secondary legislation and the regulations introduced by the Personal Data Protection Board. At this point, no distinction is made between public institutions and organizations, natural person or legal entity data controllers.
Below are some examples of data controllers falling within the scope of the Law;
• Companies operating in private sector
• Public Institutions (Municipalities, Universities, Trade Association etc.)
• Pharmacies
• Hospitals
• Associations and Foundations
• Private Schools
• Advocates
• Accountants and Financial Advisors
are covered by the law and Data Controllers who fail to fulfill the necessary obligations may be subject to criminal sanctions.
