2019 KVKK & GDPR July Newsletters Headings

Decision Summaries of the Month

For Information About the Important Decision Summaries of the Month

Click Here

Information Guide

For Information About the Information Guide of the Month

Click Here

Legislation Analysis

For Information About the Legislation Analysis of the Month

Click Here

Your Time is Running Out

What is VERBIS?

For Further Information About Data Controllers' Registry Information System

Click Here

2019 KVKK & GDPR July Newsletter Decision Summaries of the Month

  • A Fine of TL 50,000 to The Data Controller Lawyer
  • Use Of Personal Data Is A Data Processing Activity As Well
  • Decision About The University And Responsible Parties
  • Precedent Decision: Procurement Of Service From Service Providers Whose Servers Are Located Abroad Constitutes Transfer To Abroad
  • Two Decisions About The Processing Of Biometric Data
  • Which Are Regarded As Private Personal Data
  • A Fine Of Tl 50,000 Charged To The Joint-Stock Company Which Sends Electronic Commercial Messages To The Relevant Person Without That Person’s Express Consent

2019 KVKK & GDPR July Newsletters Information Guide

Is the Board Bound by the Demand When It Makes Its Decisions?

One of the fundamental principles in civil procedures is the principle of being bound by the scope of the demand as set forth in Article 26 of the Code of Civil Procedures (CCP) no. 6100. Other than certain exceptional cases, the Court may decide for anything beyond or other than the demand; that being said, it is evident from the decisions of the Personal Data Protection (PDP) Board that the Personal Data Protection Law (PDPL) no. 6098 is a law containing unique applications specific to it.

What Is Biometric Data?

According to the GDPR, “biometric data” means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.

2019 KVKK & GDPR July Newsletters Legislation Analysis

General Data Protection Regulation (GDPR)

Article - 3 Regional Scope

Territorial scope

  1. This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
  2. This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
    • the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
    • the monitoring of their behaviour as far as their behaviour takes place within the Union.
  3. This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law