Turkey’s new “Law on the Protection of Personal Data” entered into force on April 7, 2016 and provides a framework similar to the European Union’s data protection regime.  The law applies to personal data processed “wholly or partly by automatic means” and to non-automatic processing of personal data “which form part of a filing system.”  The law also requires the establishment of a Data Protection Authority and a Data Protection Board by October 7, 2016 to oversee its provisions, including establishing and maintaining a registry of active data controllers, which must register with the Board.  For the collection of new information, companies must now comply with most of the law’s provisions; but for data collected before April 7, companies have a two-year period in which to ensure compliance.