Turkish Data Protection OfficerDPO in Türkiye
TURKISH DATA PROTECTION OFFICER (DPO)
Turkish Data Protection Officer should be experienced regarding the protection of personal data and
very competent in the relevant legislation and implementations.
The rapid development of information Technologies and digitalizing business life increase the importance of protecting employees' personal data day by day. The concept of Data Protection Officer was published in the Official Gazette Numbered 31681 on December 6, 2021, and entered into Turkish Law and its practices. The Data Protection Officer is a natural person who regularly monitors/tracks the data controller's legal obligations to protect personal data, meticulously manages the processes related to the measures to be taken, and carries out all necessary transactions independently.
Who is the Data Protection Officer within
the Scope of KVKK?
In the Communiqué on the Procedures and Principles Regarding the Personnel Certification Mechanism (Communiqué) published in the Official Gazette numbered 31681 on December 6, 2021, the procedures and principles regarding DPO certification have been determined with Data Protection Officer Program ("Program") announced by the Turkish Personal Data Protection Authority following the ISO 17024 standard.
Herein, persons who are successful in the exam executed by Personnel Certification Institutions with training participation certificates provided by the Authority and the ISO 17024 standard, whose certification application has been accepted by the Authority.
Herein the duties and responsibilities of the DPO in Türkiye have not yet been regulated in detail, the prerequisites of being DPO have been determined primarily in the Program, and the DPO has been defined as a "real person who has been successful in the exam and is entitled as a data protection officer."
However, the duties have not yet been disclosed, the Data Protection Officer, contrary to the Data Controller Representative, shall directly participate in the protection of personal data processes by creating solutions regarding the needs of the organization to ensure the sustainability of compliance with KVKK, instead perform a representation service.
Who Can Be a DPO under Turkish Laws and
Why is it Necessary?
As per the Communiqué, those who have graduated from faculties of universities that provide at least four years of undergraduate and meet the conditions set in the Program, persons who have graduated from the faculties of universities that provide at least four years of undergraduate and who meet the conditions regulated in the Program, who have obtained a certificate of participation in the last 4 years before the exam date or who have a valid Turkish Data Protection Officer certificate, are eligible to apply for the Turkish Data Protection Officer certification exam at the end of the four years, which is the validity period of it.
To entitle as a Turkish DPO, the qualification should be documented with the Program announced by the Authority. In other words, the person appointed by your organization shall not be considered under regulation.
Which Organizations Should Appoint a DPO According to Turkish Laws?
Pursuant to the Communiqué published within the scope of Turkish Personal Data Protection Law numbered No. 6698, the conditions for entitled as a Data Protection Officer and certification have been announced, however, the terms of appointing a Data Protection Officer have not yet disclosed. On the other hand, it is expected that the requirement regarding the appointment of DPO for organizations that process data on a large scale and systematically or whose main field of activity is to process sensitive personal data.
However, the European DPO (Data Protection Officer), which is a title under GDPR and similar to Turkish DPO according to Turkish Laws, has been implemented for many years. Pursuant to Article 37 of GDPR and the following provisions, organizations monitor their personal data protection processes through their appointed European DPO (Data Protection Officer.)
Click for detailed information regarding European DPO (Data Protection Officer.)
As CottGroup®, you could also contact us to review the details of our consultancy during the compliance process and the scope of sustainability services offered by us to our customers after the compliance process is completed.