Public Announcement on the Draft Documents Regarding Standard Contracts and Binding Corporate Rules

17.05.2024 Gülnur Çakmak Ergene
% 0

On 17.05.2024, the Turkish Personal Data Protection Authority (Authority) released the draft documents concerning standard contracts and binding corporate rules, which are stipulated as appropriate safeguards for cross-border transfer under the amendments to the Law No. 6698 on the Protection of Personal Data (PDPL) for public consultation and evaluation. 

The Authority has published a total of four sets of draft standard contracts to be used for cross-border transfers from data controllers to data controllers, data controllers to data processors, data processors to data controllers, and data processors to data processor.

The standard contracts include provisions on general terms, obligations of the parties, obligations in case of access by national law and public authorities, and miscellaneous such as termination, applicable law, and the determination of the competent court. It is not possible to make changes to these standard clauses except for modifications permitted. 

Additionally, the annexes to the standard contracts include Annex-1, where the details of the transfer (activities of the parties related to the transferred personal data, data subject groups, categories of transferred personal data, categories of transferred sensitive data, legal reason for the transfer, frequency of the transfer, nature and purposes of the processing activity, retention period or criteria for determining the retention period, recipients or group of recipients, and the data exporter’s VERBIS information) can be arranged, and Annex-2 where the applicable technical and administrative measures can be specified.

In addition to the standard contracts, a draft application form and a guide containing fundamental principles that should be included in binding corporate rules, which can be used by groups of undertakings engaged in a common economic activity (Corporate Groups), have been published. The draft documents for binding corporate rules are separated for data controllers and data processors and prepared as two different sets.

Opinions and evaluations on the draft documents can be sent to aktarim@kvkk.gov.tr until 27.05.2024.

You may access the announcement of the Authority in Turkish here.

All rights of this article are reserved. This article may not be used, reproduced, copied, published, distributed, or otherwise disseminated without quotation or Erdem & Erdem Law Firm's written consent. Any content created without citing the resource or Erdem & Erdem Law Firm’s written consent is regularly tracked, and legal action will be taken in case of violation.

Other Contents

Cooperation Protocol Signed between the Turkish Personal Data Protection Authority and the Personal Data Protection Board of the Turkish Republic of Northern Cyprus
Legal Developments
Cooperation Protocol Signed between the Turkish Personal Data Protection Authority and the Personal Data Protection Board of the Turkish Republic of Northern Cyprus

On 18.04.2024, it was announced that a cooperation protocol (Protocol) was signed between the Turkish Personal Data Protection Authority and the Personal Data Protection Board of the Turkish Republic of Northern Cyprus...

Personal Data Protection 25.04.2024
Public Announcement on the Draft Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad
Legal Developments
Public Announcement on the Draft Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad

On 09.05.2024, the Turkish Personal Data Protection Authority (Authority) published the Draft Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad (Draft) and opened the Draft for public opinion and assessment. In this context, opinions and suggestions regarding the...

Personal Data Protection 16.05.2024
Amendment to the Law on the Protection of Personal Data
Legal Developments
Amendment to the Law on the Protection of Personal Data

The Law on Amendments to the Code of Criminal Procedure and Certain Acts numbered 7499 (Law), including Amendments to the Law on Personal Data Protection numbered 6698 (LPDP) was published in the Official Gazette dated 12.03.2024 and numbered 32487...

Personal Data Protection 12.03.2024
Law Amendment Proposal on the Law on the Protection of Personal Data Submitted to the Turkish Grand National Assembly
Legal Developments
Law Amendment Proposal on the Law on the Protection of Personal Data Submitted to the Turkish Grand National Assembly

On 16.02.2024, the Justice Committee of the Turkish Grand National Assembly (TBMM) received the bill (Bill) on the long-awaited amendment to the Law on Personal Data Protection No. 6698 (LPDP). It can be said that the Bill, which introduces regulations similar to the European Union General Data Protection...

Personal Data Protection 20.02.2024
Information Note on Processing of Personal Data on the Legal Ground of Being Stipulated by Laws was Published
Legal Developments
Information Note on Processing of Personal Data on the Legal Ground of Being Stipulated by Laws was Published

On 12.02.2024, the Information Note on Processing of Personal Data on the Legal Ground of Being Stipulated by Laws (Information Note) was published. The Information Note aims to clarify the scope and meaning of the personal data processing legal ground of “being expressly stipulated by law” in Article 5/2(a) of...

Personal Data Protection 15.02.2024
Guidelines on the Protection of Personal Data in Election Activities
Legal Developments
Guidelines on the Protection of Personal Data in Election Activities

On 24.01.2024, the Personal Data Protection Authority published the Guidelines on the Protection of Personal Data in Election Activities (Guidelines). The Guidelines aim to remind public administrations, political parties, candidates, and voters involved in election activities of their obligations or rights under...

Personal Data Protection 26.01.2024
Deepfake Information Note by Turkish Personal Data Protection Authority
Legal Developments
Deepfake Information Note by Turkish Personal Data Protection Authority

On 19.01.2024, the Personal Data Protection Authority published the Deepfake Information Note (Information Note). The purpose of the Information Note is to provide a better understanding of what Deepfake technology is, which is formed from the words deep learning and fake. The key points in the Information Note...

Personal Data Protection 22.01.2024
Guidelines on the Processing of Republic of Türkiye Identity Numbers Published
Legal Developments
Guidelines on the Processing of Republic of Türkiye Identity Numbers Published

On 16.01.2024, the Personal Data Protection Authority published Guidelines on the Processing of Republic of Türkiye Identity Numbers (Guidelines). The purpose of the Guidelines are to provide guidance to data controllers by setting out the provisions of the legislation envisaging the processing of Turkish...

Personal Data Protection 19.01.2024
The Decision of the Personal Data Protection Board Regarding the Exemption of Village Public Legal Entities from the Registration Obligation in the Data Controllers Registry
Legal Developments
The Decision of the Personal Data Protection Board Regarding the Exemption of Village Public Legal Entities from the Registration Obligation in the Data Controllers Registry

The Decision of the Personal Data Protection Board Regarding the Exemption of Village Legal Entities from the Registration Obligation in the Data Controllers Registry, dated 14/12/2023 and numbered 2023/2135 (Decision) is published in the Official Gazette dated 12.01.2024 and numbered 32427... 

Personal Data Protection 12.01.2024
The Announcement Regarding Personal Data Processed to Send Verification Code via SMS During Store Shopping
Legal Developments
The Announcement Regarding Personal Data Processed to Send Verification Code via SMS During Store Shopping

The Personal Data Protection Authority has published a public announcement dated 13.11.2023 regarding the personal data processed in order to send a verification code via SMS to the data subjects during the transactions at the cash register following shopping. You may find a brief explanation of the...

Personal Data Protection 15.11.2023
Personal Data Protection Board Amends the Exception Criteria for the Obligation to Register with the Data Controllers Registry
Legal Developments
Personal Data Protection Board Amends the Exception Criteria for the Obligation to Register with the Data Controllers Registry

With the decision of the Personal Data Protection Board (Board) dated 06.07.2023 and numbered 2023/1154, the “annual financial balance sheet total” adopted by the Board as an exception criteria to the obligation to register to the Data Controllers’ Registry has been increased from 25 million Turkish Liras to...

Personal Data Protection 26.07.2023
Record Fine in GDPR History: Irish Data Protection Commission’s Meta Decision
Legal Developments
Record Fine in GDPR History: Irish Data Protection Commission’s Meta Decision

The decision by the Irish Data Protection Authority (Authority) dated 12.05.2023 on Meta Platforms Ireland Limited (Meta Ireland) (Decision) has been announced on 22.05.2023. Pursuant to the Decision, an administrative fine of 1.200.000.000 Euros was imposed on Meta Ireland...

Personal Data Protection 31.05.2023
The Regulation on the Collection, Storage and Sharing of Insurance Data Entered into Force
Legal Developments
The Regulation on the Collection, Storage and Sharing of Insurance Data Entered into Force

The Regulation on the Collection, Storage and Sharing of Insurance Data (Regulation) entered into force through publication in the Official Gazette dated 18.10.2022 and numbered 31987. Some of the important provisions introduced by the Regulation are summarized...


Personal Data Protection 24.10.2022
Guideline on Banking Sector Best Practices Regarding Personal Data Protection Has Been Published
Legal Developments
Guideline on Banking Sector Best Practices Regarding Personal Data Protection Has Been Published

On 05.08.2022, the Personal Data Protection Authority (“Authority”), published Guideline on Banking Sector Good Practices Regarding the Personal Data Protection (“Guideline”). The purpose of the Guideline is guiding data controller banks regarding the personal data processing activities carried out...

Personal Data Protection 09.08.2022
Briefing for the Impact Assessment of Data Act Has Been Published
Legal Developments
Briefing for the Impact Assessment of Data Act Has Been Published

On 14.07.2022, the European Parliament Research Service published a briefing (“Briefing”) for the impact assessment (“IA”) of the regulation of the European Parliament and the European Council on harmonised rules on fair access to and use of data (“Data Act”), submitted on 23.02.2022...

Personal Data Protection 20.07.2022
Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment has been Published
Legal Developments
Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment has been Published

The Regulation on Processing of Land Registry and Cadastre Data and Transactions Held in Electronic Environment regulating the procedure and principles regarding the process of the data in the Central Database of the General Directorate of Land Registry and the transactions held in electronic...

Personal Data Protection 16.06.2022
The Regulation on Processing and Protection of Personal Data by the Social Security Institution was Published
Legal Developments
The Regulation on Processing and Protection of Personal Data by the Social Security Institution was Published

The Regulation on Process and Protection of Personal Data by the Social Security Institution (“Regulation”) entered into force through its publication in the Official Gazette dated 19.02.2022 and numbered 31755.

Personal Data Protection 23.02.2022
Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published
Legal Developments
Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published

Regulation on Processing of Personal Data and Protection of Confidentiality in the Electronic Communications Sector was Published

Personal Data Protection 4.12.2020
The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp
Legal Developments
The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp

The Personal Data Protection Board Ex-Officio Initiated An Investigation against WhatsApp

Personal Data Protection 13.01.2021
The Personal Data Protection Authority’s New Resolution
Legal Developments
The Personal Data Protection Authority’s New Resolution

The Personal Data Protection Authority’s New Resolution

Personal Data Protection 19.01.2021
The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published
Legal Developments
The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published

The Board’s Decision Regarding Registration Obligation of Commercial Enterprises Affiliated to Associations, Foundations and Unions to the VERBIS has been Published

Personal Data Protection 25.06.2021
The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio
Legal Developments
The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio

The Personal Data Protection Board Announced Its Decision Regarding the WhatsApp Investigation Initiated Ex-Officio

Personal Data Protection 8.09.2021

For creative legal solutions, please contact us.