Communiqué on the Procedures and Principles to be followed in the Fulfillment of the Enlightening Obligation dated 10.03.2018, Regulation on Deletion, Destruction and Anonymization of Personal Data dated 28.10.2017 and Regulation for Data Controller Registry dated 30.12.2017 have been amended as per the Official Gazette of Turkey dated 28 April 2019. The amendments came into the force on publication date.
In accordance with the recent amendments following changes have occurred:
| Pre-Amendment | Post-Amendment |
| If the personal data are processed with different purposes in each of the units of the Data Controller, then the obligation to enlighten shall be otherwise fulfilled by each unit in addition to the Data Controller. | It is no longer required for units operating under the data controller to fulfill their obligation to enlighten in addition to the data controller. |
| Legal reason for the collection of personal data is not required to be in the Data Inventory prepared by the Data Controller. | Data Inventory prepared by the Data Controller shall now also include the “legal reasons” which consist of reasons of collection of personal data. |
| It is stated in the legislation that only legal persons have the obligation to register the Contract Person to the Data Controller Registry. | It is made clear that both real and legal persons have the obligation to register the Contact Person to the Data Controller Registry. |
| There has been a confusion regarding the Contact Person’s legal status in relation with the Data Controller. | It is made clear that Contact Person is not a legal representative of the Data Controller. |
