Description

Adopted KVKK guide to transferring personal data abroad

On 2 January 2025, the Turkish Personal Data Protection Authority (KVKK) adopted the guide to transferring personal data abroad. The guide aims to support the implementation of personal data transfers under Law No. 6698 on the Protection of Personal Data and outlines the procedures for transferring personal data abroad. It provides clarity on the roles of data controllers and processors and specifies that the data exporter must be subject to the Personal Data Protection Law. It clarifies that the personal data must be transmitted or made accessible, and the recipient must be in a third country. It emphasises the importance of protecting personal data during cross-border transfers by introducing three transfer mechanisms. The mechanisms include transfers based on adequacy decisions, transfers with appropriate safeguards, including binding corporate rules and non-international treaties, and exceptional transfers. The guide details compliance requirements for each transfer mechanism.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cross-border data transfer regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2025-01-02
adopted

On 2 January 2025, the Turkish Personal Data Protection Authority (KVKK) adopted the guide to trans…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.