The Regulation on Data Controller Registry (“Regulation”), which was published in the Official Gazette on 30 December 2017 and entered into force on 1 January 2018, yielded the discretionary powers to determine the exceptions to the obligation to register with the Data Protection Board (“Board”). Please click here to access our e-alert regarding the Regulation.
As per the decision rendered by the Board on 2 April 2018, which was published in the Official Gazette on 15 May 2018, certain data controllers are exempt from the obligation to register with the Data Controllers’ Registry.
The Board has the authority to “introduce certain exemptions to the registration obligation by considering objective criteria such as the category and amount of personal data processed—the amount of processing is stipulated in the laws or transfer of data to third parties” as per the Law on the Protection of Personal Data, with the number 6698.
The following categories of natural persons and legal entities are exempt from registration:
- The data processors who process data using non-automated means on the condition of being a part of data recording system;
- Public Notaries (defined as per the applicable law);
- Associations established per the Associations Law (No.5253) of 4 November 2004, foundations established per the Foundations Law (No.5737) of 18 October 2012 and workers’ unions established per the Law on Workers’ Unions and Collective Bargaining Agreements, providing that the respective legal entity only processes data in accordance with the legislation and for their own purposes, limited to their scope of activities, employees, associates, members and donors;
- Political parties (founded as per the applicable law);
- Attorneys practising under the Attorneyship Law (No.1136) of 19 March 1969; and
- Certified public accountants and sworn-in certified public accountants practising under the Law on Certified Public Accountants and Sworn-in Certified Public Accountants (No.3568) of 1 June 1989.