Compare with different regulatory event:
On 1 December 2021, the Turkish Central Bank published and implemented a communiqué on the management of information systems and data sharing by payment providers. According to the communiqué, financial institutions (specifically, the board of directors) are responsible for ensuring the security of information systems. Institutions must implement an information security system as well as data protection measures, including safeguards for sensitive customer data and information mechanisms for data breaches. In addition, the sharing of sensitive customer data can only occur with user consent.
Original source