TURKISH DATA PROTECTION OFFICER (DPO)

In the Communiqué on the Procedures and Principles Regarding the Personnel Certification Mechanism (Communiqué) published in the Official Gazette numbered 31681 on December 6, 2021, the procedures and principles regarding DPO certification have been determined with Data Protection Officer Program ("Program") announced by the Turkish Personal Data Protection Authority following the ISO 17024 standard.

Herein, persons who are successful in the exam executed by Personnel Certification Institutions with training participation certificates provided by the Authority and the ISO 17024 standard, whose certification application has been accepted by the Authority.

Herein the duties and responsibilities of the DPO in Türkiye have not yet been regulated in detail, the prerequisites of being DPO have been determined primarily in the Program, and the DPO has been defined as a "real person who has been successful in the exam and is entitled as a data protection officer."

However, the duties have not yet been disclosed, the Data Protection Officer, contrary to the Data Controller Representative, shall directly participate in the protection of personal data processes by creating solutions regarding the needs of the organization to ensure the sustainability of compliance with KVKK, instead perform a representation service.

As per the Communiqué, those who have graduated from faculties of universities that provide at least four years of undergraduate and meet the conditions set in the Program, persons who have graduated from the faculties of universities that provide at least four years of undergraduate and who meet the conditions regulated in the Program, who have obtained a certificate of participation in the last 4 years before the exam date or who have a valid Turkish Data Protection Officer certificate, are eligible to apply for the Turkish Data Protection Officer certification exam at the end of the four years, which is the validity period of it.

To entitle as a Turkish DPO, the qualification should be documented with the Program announced by the Authority. In other words, the person appointed by your organization shall not be considered under regulation.

Pursuant to the Communiqué published within the scope of Turkish Personal Data Protection Law numbered No. 6698, the conditions for entitled as a Data Protection Officer and certification have been announced, however, the terms of appointing a Data Protection Officer have not yet disclosed. On the other hand, it is expected that the requirement regarding the appointment of DPO for organizations that process data on a large scale and systematically or whose main field of activity is to process sensitive personal data.

However, the European DPO (Data Protection Officer), which is a title under GDPR and similar to Turkish DPO according to Turkish Laws, has been implemented for many years. Pursuant to Article 37 of GDPR and the following provisions, organizations monitor their personal data protection processes through their appointed European DPO (Data Protection Officer.)

Click for detailed information regarding European DPO (Data Protection Officer.)

As CottGroup^®, you could also contact us to review the details of our consultancy during the compliance process and the scope of sustainability services offered by us to our customers after the compliance process is completed.