Guideline on Banking Sector Best Practices Regarding Personal Data Protection Has Been Published

09.08.2022 Merve Demirkaya
% 0

On 05.08.2022, the Personal Data Protection Authority (“Authority”), published Guideline on Banking Sector Good Practices Regarding the Personal Data Protection (“Guideline”). The purpose of the Guideline is guiding data controller banks regarding the personal data processing activities carried out by banks in accordance with the legislation and providing banks best practice examples. The issues stipulated in the Guideline are summarized below:

In the Guideline, it is highlighted that banks process data with great intensity, and categories of processed personal data have been diversified with the proliferation of especially the applications of digital banking and open banking. Moreover, it is emphasized that personal data, particularly special categories of personal data, which may cause irreparable damage to the data subjects in case of a breach, are also processed within the scope of banking activities.

In addition, it is also stated that working groups were established within the cooperation of the Authority and the Banks Association of Turkey and the relevant Guideline was prepared with the working groups, in cooperation with the banking sector and thus, best practices are created.

In general, the Guideline provides detailed explanations and implementation examples with regard to the aspects of personal data protection law concerning the banking sector. In this scope: (i) relationship between data controller - data processor; obligations of data controller banks within the scope of banking activities, (ii) conditions of processing personal data and sector-specific examples, (iii) conditions of explicit consent and methods of obtaining explicit consent, (iv) the relationship between the provisions of the Banking Law No. 5411, the Regulation on the Sharing of Confidential Information and the personal data protection legislation; and which regulation will take precedence in the transfers to be made, and (v) other obligations arising from the legislation, etc. are explained.

All rights of this article are reserved. This article may not be used, reproduced, copied, published, distributed, or otherwise disseminated without quotation or Erdem & Erdem Law Firm's written consent. Any content created without citing the resource or Erdem & Erdem Law Firm’s written consent is regularly tracked, and legal action will be taken in case of violation.

Other Contents

Personal Data Protection Board Amends the Exception Criteria for the Obligation to Register with the Data Controllers Registry
Legal Developments
Personal Data Protection Board Amends the Exception Criteria for the Obligation to Register with the Data Controllers Registry

With the decision of the Personal Data Protection Board (Board) dated 06.07.2023 and numbered 2023/1154, the “annual financial balance sheet total” adopted by the Board as an exception criteria to the obligation to register to the Data Controllers’ Registry has been increased from 25 million Turkish Liras to...

Personal Data Protection 26.07.2023
Record Fine in GDPR History: Irish Data Protection Commission’s Meta Decision
Legal Developments
Record Fine in GDPR History: Irish Data Protection Commission’s Meta Decision

The decision by the Irish Data Protection Authority (Authority) dated 12.05.2023 on Meta Platforms Ireland Limited (Meta Ireland) (Decision) has been announced on 22.05.2023. Pursuant to the Decision, an administrative fine of 1.200.000.000 Euros was imposed on Meta Ireland...

Personal Data Protection 31.05.2023
The Regulation on the Collection, Storage and Sharing of Insurance Data Entered into Force
Legal Developments
The Regulation on the Collection, Storage and Sharing of Insurance Data Entered into Force

The Regulation on the Collection, Storage and Sharing of Insurance Data (Regulation) entered into force through publication in the Official Gazette dated 18.10.2022 and numbered 31987. Some of the important provisions introduced by the Regulation are summarized...


Personal Data Protection 24.10.2022
Briefing for the Impact Assessment of Data Act Has Been Published
Legal Developments
Briefing for the Impact Assessment of Data Act Has Been Published

On 14.07.2022, the European Parliament Research Service published a briefing (“Briefing”) for the impact assessment (“IA”) of the regulation of the European Parliament and the European Council on harmonised rules on fair access to and use of data (“Data Act”), submitted on 23.02.2022...

Personal Data Protection 20.07.2022
Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment has been Published
Legal Developments
Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment has been Published

The Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment regulating the procedure and principles regarding the process of the data in the Central Database of the General Directorate of Land Registry and the transactions held in electronic...

Personal Data Protection 16.06.2022
The Regulation on Processing and Protection of Personal Data by the Social Security Institution was Published
Legal Developments
The Regulation on Processing and Protection of Personal Data by the Social Security Institution was Published

The Regulation on Process and Protection of Personal Data by the Social Security Institution (“Regulation”) entered into force through its publication in the Official Gazette dated 19.02.2022 and numbered 31755.

Personal Data Protection 23.02.2022
Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published
Legal Developments
Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published

Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published

Personal Data Protection 4.12.2020
The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp
Legal Developments
The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp

The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp

Personal Data Protection 13.01.2021
The Personal Data Protection Authority’s New Resolution
Legal Developments
The Personal Data Protection Authority’s New Resolution

The Personal Data Protection Authority’s New Resolution

Personal Data Protection 19.01.2021
The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published
Legal Developments
The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published

The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published

Personal Data Protection 25.06.2021
The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio
Legal Developments
The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio

The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio

Personal Data Protection 8.09.2021

For creative legal solutions, please contact us.