Turkiye: Adopted KVKK guide to transferring personal data abroad

On 2 January 2025, the Turkish Personal Data Protection Authority (KVKK) adopted the guide to transferring personal data abroad. The guide aims to support the implementation of personal data transfers under Law No. 6698 on the Protection of Personal Data and outlines the procedures for transferring personal data abroad. It provides clarity on the roles of data controllers and processors and specifies that the data exporter must be subject to the Personal Data Protection Law. It clarifies that the personal data must be transmitted or made accessible, and the recipient must be in a third country. It emphasises the importance of protecting personal data during cross-border transfers by introducing three transfer mechanisms. The mechanisms include transfers based on adequacy decisions, transfers with appropriate safeguards, including binding corporate rules and non-international treaties, and exceptional transfers. The guide details compliance requirements for each transfer mechanism.