Have you appointedyour Data Controller Representative?

DATA CONTROLLER REPRESENTATIVE (DCR) SERVICES

With our DCR Services, we offer you a more scalable approach than hiring an in-house staff. The DCR outsourcing service provides compliance to business-owners by accessing skilled and experienced professionals for their needs in personal data protection.

Organizations located outside of Turkey which collect or process personal data of Turkish citizens and/or Turkish and non-Turkish residents in Turkey, are required to assign a local data controller representative (DCR). The representative must be a Turkish citizen, resident of Turkey or a Turkish entity. Personal data protection legislation in Turkey (KVKK) requires data controllers to notify the Turkish Personal Data Protection Authority regarding their data processing activities. The representative must complete the application in Data Controllers' Registry Information System (VERBIS). Thus, the representative must appoint a contact person who must be a Turkish citizen resident in Turkey. The representative must complete VERBIS registration obligation; it can define itself as the contact person on the system or assign different contact persons with Turkish citizenship resident in Turkey.

The Data Controller Representative to be appointed through our representative service will assist you to comply with the Legislation as well as implementing the following requirements for you. Within this scope, we are going to:

1) Act on your behalf as the representative with the Turkish Personal Data Protection Authority

The Data Controller Representative (DCR) to be appointed acts as a bridge between you and the authority as a point of contact. While transmitting the requests by the Turkish Personal Data Protection Authority to you, the DCR also carries out all the necessary communication with the Authority on your behalf.

2) Become the contact point on personal data processing activities for the Turkish citizens and residents in Turkey

The appointed representative accepts any application submitted to you by a person on your behalf, and in the meantime, it also provides you the details of the application submitted in accordance with the Article 11 of KVKK and relevant legislation. Not limited to this, the representative also follows up the application if it is responded and forwarded by you to the related parties within the legal period and provides you to fulfill your legal responsibility.

3) Conduct the VERBIS registration

The DCR fulfills the necessary steps for VERBIS registration and completes the required information on VERBIS by means of the contact person appointed on behalf of your organization regarding the personal data you process in Turkey. Providing continuity and sustainability in the scope of the relevant services, in the event of a change in your data processing activities within the processes of your organization, the representative also performs the related update on VERBIS.

4) Update you on the regulatory changes regarding the personal data protection law

The representative keeps you updated both in Turkish and English about the updates in legislation, new practices and changes in the current applications regarding the protection of personal data which is an ever-changing process that must be followed at all times. In addition, if there are requirements for you to fulfill due to a change in legislation in accordance with your VERBIS registration obligation, the representative will also check these points with you and take action accordingly.

Have you fulfilled your obligation to
register with VERBIS?

Don't be late! Don't regret it!

The deadline for the VERBIS registration obligation for data controllers is December 31, 2021!

Prior to this date, all data controllers must fulfill their VERBIS Registration Obligation with Turkish Personal Data Protection Law compliance.

Contact us for your VERBIS registration. We will offer tailor-made solutions with the ideal service packages to meet your needs.


Get Offer

The Relevant Legislation in the scope of the Law No. 6698 on the Protection of Personal Data

According to the Article 11 of the By-law on the Data Controllers’ Registry - the scope of the authorization for DCR are as follows:

  1. Notifying or accepting notifications or correspondence made by the Authority on behalf of the data controller,
  2. Forwarding the requests of the Authority directed to the data controller to them and forwarding their response to the Authority,
  3. In case no other basis has been determined by the Board; receiving applications of the data subjects on behalf of the data controller and forwarding them to the data controller in accordance with the first paragraph of the Article 13,
  4. In case no other basis has been determined by the Board; forwarding the response of the data controller to the data subjects in accordance with the third paragraph of the Article 13,
  5. Carrying out the works and transactions related to VERBIS on behalf of the data controller.

Data Controllers' Registry - ARTICLE 16


  1. Under the supervision of the Board, Data Controllers' Registry shall be kept by the Presidency in a publicly available manner.
  2. Natural or legal persons who process personal data shall register with the Data Controllers' Registry before starting to process personal data. However, considering objective criteria to be stipulated by the Board such as the characteristics and the scale of data to be processed, whether or not data processing is based on any law, or whether data will be transferred to third parties, the Board may set forth exemptions to the obligation to register with the Data Controllers' Registry.
  3. Registry applications to the Data Controllers' Registry shall be made with a notification including the following matters:
    • a) Identity and address information of the data controller and of the representative thereof, if any.
    • b) The purposes for which personal data will be processed.
    • c) Data subject persons and data subject groups and explanations regarding data categories belonging to these persons.
    • ç) Recipient or groups of recipients to whom personal data may be transferred.
    • d) Personal data which are envisaged to be transferred abroad.
    • e) Measures taken for the security of personal data.
    • f) The maximum period of time necessary for the purposes for which personal data are processed.
  4. Changes to the information provided as per the 3rd paragraph shall be immediately reported to the Presidency of the Board.
  5. Other procedures and principles related to the Data Controllers' Registry shall be set forth by a regulation.

Notification!

Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

Please consult your client representative if you are a customer of CottGroup® or consult a relevant party or an expert prior to taking any action in regards to the above content.

KVKK & GDPR Consultancy

Contact us for information about KVKK & GDPR

0 (Min. 7 Characters)
Is your company's total annual financial balance over 25.000,000 TL? *
Yes
No

Is the number of your employees above 50, annually?*
Yes
No
Do you transfer personal data outside of Turkey?*
Yes
No

Preferred language of the compliance report and the related documentation to be prepared regarding the service.*
Turkish
English
Turkish-English

I accept to receive newsletters, legislation, current news, new service suggestions, advertisements and announcements.

(*) I have explicit consent to the processing of my data within the framework of Online Visitor Clarification Text and Privacy Policy.

*Required Field

Send
This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.
x
© 2021 VeriSistem®. All rights reserved.