Effective April 2, 2016, Turkey adopted the Law on the Protection of Personal Data ("Personal Data Law") to harmonize Turkish data protection rules with the European Union.

The Personal Data Law is modeled after EU Data Protection Directive 95/46/EC and sets forth a general framework that addresses, in part,

  • individual privacy rights,
  • adequate disclosure and informed, affirmative consent by residents in Turkey,
  • security and other data protection measures, and
  • administrative fines and criminal sanctions (including prison sentences under the Turkish Criminal Code) for the unlawful collection, processing and transmission of personal data.

The Personal Data Law provides for a transition period for businesses to bring their data privacy functions in Turkey into compliance with the new rules, and the Turkish Data Protection Authority will adopt implementing regulations during the coming year.