Turkiye: Implemented Personal Data Protection Board’s Regulation on Procedures and Principles Regarding the Transfer of Personal Data Abroad

Compare with different regulatory event:

Description

Implemented Personal Data Protection Board’s Regulation on Procedures and Principles Regarding the Transfer of Personal Data Abroad

On 10 July 2024, the Personal Data Protection Board (PDPB)’s Regulation on Procedures and Principles Regarding the Transfer of Personal Data Abroad entered into force. The regulation implements Article 9 of the Personal Data Protection Law No. 6698, amended by Law no. 7499, specifying the mechanisms data processors can use to transfer data to other jurisdictions. Data transfers are allowed if the conditions for the processing of personal data from Articles 5 and 6 are met and there is an adequacy decision for the destination country, international organisation, or sectors within the country where the transfer will occur. The PDPB has the power to determine the jurisdictions that provide adequate protection for the transfer of personal data abroad. If no adequacy decision exists, personal data can be transferred abroad based on appropriate safeguards, such as non-international agreements and PDPB permission for the transfer, binding corporate rules approved by the PDPB, standard contracts approved by the PDPB, or written commitments ensuring adequate protection and PDPB permission for the transfer. The regulation lists the appropriate safeguards that each mechanism has to include. Finally, in the absence of an adequacy decision and the appropriate safeguards specified cannot be provided, the regulation lists exceptional cases allowing the transfer. Exceptional cases for transferring personal data abroad include situations where the data subject explicitly consents, is necessary for contractual obligations or legal claims, and for transfers required by overriding public interests or from accessible public registers. Transfers may also occur to protect the vital interests of those unable to consent.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2024-05-09
in consultation

On 9 May 2024, the Personal Data Protection Board (PDPB) opened a public consultation on the draft …

2024-05-20
processing consultation

On 20 May 2024, the Personal Data Protection Board (PDPB) closes the public consultation on the dra…

2024-07-10
in force

On 10 July 2024, the Personal Data Protection Board (PDPB)’s Regulation on Procedures and Principl…