Personal Data Protection Law
“Data”, which is considered one of the most valuable assets today, which is the source of individuals ' right to privacy, and which is the most important criterion of companies in creating a commercial strategy and client portfolio, should be protected. This data should be protected by individuals, as well as secured by legal systems. In this context, the applications that started with GDPR (General Data Protection) and entered into force with the Personal Data Protection Law No. 6698 in our country are aimed at ensuring data security. In this context, there are a number of obligations that natural person and legal entities that store personal data must comply with. If these obligations are not met, there is a risk of severe sanctions. In accordance with our legislation, in case of non-compliance with obligations;
- For crimes related to personal data, the provisions of Article 135 to 140 of the Turkish Criminal Act of 9/26/2004 and 5237 apply.
- According to the law, those who violate personal data are sentenced to imprisonment from 1 to 3 years.
- In addition, a person who intercepts this data by way of violation can also be sentenced to imprisonment from 2 to 4 years.
In accordance with the personal data protection law no 6698;
- About those who do not fulfill the lightning obligation provided for in article 10, administrative fine can be imposed from 5,000 Turkish lira to 100,000 Turkish lira,
- For those who do not fulfill the data security obligations provided for in article 12, administrative fine can be imposed from 15,000 Turkish lira to 1,000,000 Turkish lira,
- For those who do not comply with the decisions made by the Council in accordance with article 15, administrative fine can be imposed from 25,000 Turkish liras to 1,000,000 Turkish liras,
- An administrative fine of 20,000 Turkish liras to 1,000,000 Turkish lira is imposed on those who act in violation of the obligation to register and notify the Registry of data principals provided for in Article 16.