Article 30 - Amended and Inserted Provisions

(1) The following line was inserted into the Table (III) attached to the Law No. 5018:

“10) Personal Data Protection Authority”

(2) The phrase “Any person” in the second paragraph of Article 135 of the Law No. 5237 was amended as “Any personal data, any person”; and the phrase “Any person who records the information as personal data shall be punished according to the provisions of the above subsection.” as “the punishment to be given in accordance with the first paragraph is aggravated by half more.”

(3) The expression “children” in third paragraph of Article 226 of the Law No. 5237 was amended as “children, symbolic images of children or persons with a juvenile image”

(4) The expression “and” in first paragraph of Article 243 of the Law No. 5237 was amended as “or”, and the following paragraph was added.

“(4) Person who, by employing technical means, illegally monitors the data transfer carried out within an information system or between information systems without entering in the system, shall be punished with imprisonment from one year to three years”

(5) The following Article was inserted to follow Article 245 of the Law No.5237:

“Prohibited device or programmes”

Article 245/A- In case a device, computer programme, password or other security code are produced to commit the crimes inscribed exclusively within this Part and those that may be committed by using information system as a means, the person who produces, imports, dispatches, transfers, stores, accepts, sells, supplies, purchases, lends another person or possesses these shall be punished with imprisonment from one to three years and with a punitive fine up to five thousand days”

(6) Sub-paragraph (f) of the first paragraph of Article 3 of the Health Services Fundamental Law No 3359 of 7/5/1987 was amended as follows:

“f) With the aim of tracking the medical condition of everybody and to ensure that healthcare services are carried out in a more effective and rapid way, Ministry of Health and its associated institutions shall establish the required registration and notification system. This system may also be established in electronic environment in line with the e-State practices. To this end, a nationwide information system may be established by the Ministry of Health.”

(7) Article 47 of the Decree Law No 663 of 11/10/2011 on the Organization and Duties of the Ministry of Health and its Associated Institutions was amended as follows:

“Article 47- (1) Of those applying to the public or private health organizations and health professionals to receive health service, personal data provided compulsorily as a requirement of health service or provided in relation with the service they received may be processed.

(2) The Ministry may process the data obtained within the framework of the first paragraph in order to provide the health services, protect the public health, maintain the services of preventive medicine, medical diagnosis, treatment and care, and to plan the health services and calculate their cost. This data shall not be transferred except for the conditions stipulated under the Law on the Protection of Personal Data.

(3) The Ministry shall establish a system that will enable the persons themselves or any third person authorized by them to access the personal data gathered and processed pursuant to the second paragraph,

(4) Standards relating to the security and reliability of the systems established as per the third paragraph shall be determined by the Ministry in compliance with the principles determined by the Personal Data Protection Board. The Ministry shall take the necessary measures to ensure the security of the personal health data obtained pursuant to the Law herein. To this end, the Ministry shall establish a security system enabling the supervision of the official and the purpose of using the registered data in the system.

(5) Public institutions and organizations, natural persons and legal entities under the private law employing health personnel shall be obliged to inform the Ministry about the personnel employed and the personnel movements.

(6) Other matters relating to the processing and security of personal health data and the implementation of the Article herein shall be governed through a by-law to be put into force by the Ministry.”