October 2024 – The Turkish Data Protection Authority (“DPA”) did not publish any decisions or announcements in September; however, several important events took place. We summarise these for you below.
A New Era of Cross-Border Data Transfers
As of 1 September 2024, data controllers must now comply with the new rules regarding cross-border data transfers introduced by the amendments to the Turkish Data Protection Law ("DP Law") on 12 March 2024.
Among the new rules are the introduction of Standard Contractual Clauses (“SCCs”), which are now a key mechanism for managing cross-border data transfers. Data controllers must sign SCCs with their data importers and submit the signed SCCs to the DPA within five days of execution. These steps ensure compliance and reinforce data protection practices.
Dive into latest updates
1. Conference on cyber security and personal data protection
In September the DPA organised a significant event on cybersecurity and data protection with four sessions: "Personal Data Security in the Digital Age: Protecting Personal Data"; "Cybersecurity Policies and Strategies: Cybersecurity in the New Digital Age"; "Cryptocurrency Law and Blockchain Technologies"; and "Forensic Informatics and Cybercrime".
The event provided valuable insights into current cybersecurity risks and strategies for the protection of personal data, with updates on recent developments.
2. Artificial intelligence commission established
A parliamentary research commission has been established by a decision of the Turkish Grand National Assembly to determine the steps to be taken regarding the benefits of artificial intelligence, to create a legal framework for this field, and to establish measures to mitigate the risks associated with the use of artificial intelligence.
3. DPA’s 4th Annual Summit on Personal Data Protection
The DPA, in collaboration with Turkish Informatics Association, held its 4th annual summit titled “Law in the Digital Era”. The summit addressed crucial topics such as:
- aligning with the GDPR;
- raising awareness on personal data protection;
- the latest technological developments, particularly AI-related personal data processing;
- the impact of digital transformation on privacy law.
The summit, which our team also attended, was organised into three sessions:
- Artificial Intelligence and Personal Data, which focused on AI’s role in cybersecurity and data security;
- 2024 Amendments to Turkish Data Protection Law, which provided insights on procedures for cross-border data transfers and the necessary safeguards;
- EU Regulations Overview, which covered recent updates in EU regulations related to data protection.
Data breach notifications
- A data breach occurred at İncirli Sağlık ve Sosyal Tesisler and the personal data of employees and patients was affected.
- A data breach at Kentaş Gıda Pazarlama ve Dağıtım Ticaret affected the personal data of users, employees, customers and potential customers.