Turkish Data Protection Authority Updates the Personal Data Security Guidelines

The Personal Data Security Guidelines (Technical and Administrative Measures) (“Guidelines”), prepared by the Turkish Data Protection Authority (“Authority”), have been updated and published on the Authority’s official website.

According to the Guidelines:

  • The language of the Guidelines has been simplified while preserving conceptual integrity, and the terminology has been updated in line with technological developments.
  • Sections concerning employee training, awareness activities, internal audit processes, and relations with data processors have been made more detailed and practically applicable. Within this framework, the principle of “everything is prohibited unless explicitly permitted” has been emphasized.
  • Cybersecurity practices, encryption methods, access control, and backup processes have been explained in greater detail. In particular, risks and measures related to two-factor authentication, intrusion detection and prevention systems, and data collection via mobile applications have been emphasized.
  • The explanations regarding the security obligations of cloud service providers have been made more concrete. The Guidelines clearly state that the data controller is responsible for assessing the technical and administrative measures implemented by the cloud service provider and for auditing the adequacy of those measures.
  • It is also stated that personal data stored in cloud environments should be encrypted using cryptographic methods during both transfer and storage processes, and that separate encryption keys should be used for each cloud solution and securely managed through asymmetric encryption methods.
  • It is emphasized that, upon the termination of the service relationship, all personal data must be irreversibly destroyed in a manner that prevents any future access.

You can access the full text of the Guidelines (in Turkish) here.

 

Kind regards,

Zumbul Attorneys-at-Law

info@zumbul.av.tr

