Av. Sevcen CAN & Av. Yasemin ÇORAK
In our previous article, we explained the obligations of the data controller (Please see…). One of the obligations of the controller is to register to Data Controllers’ Registry. In this article, we explain Data Controllers’ Registry and controller’s obligation to register.
Data Controllers’ Registry is maintained by the Personal Data Protection Board publicly. Natural or legal persons who process personal data shall be obliged to register in this Registry before proceeding with data processing. However, by taking into account by the Board such as the nature and quantity of the data processed, the legal requirement for data processing or transferring the data to third parties, the Board may provide exception to the obligation of registration in the Data Controllers’ Registry.
Application for registration shall include followings;
a) identity and address of the controller and of his representative, if any,
b) purposes for which the personal data will be processed,
c) explanations about group(s) of personal data subjects as well as about the data categories belonging to these people,
d) recipients or groups of recipients to whom the personal data may be transferred,
e) personal data which is envisaged to be transferred abroad,
f) measures taken for the security of personal data.
g) maximum period of time required for the purpose of the processing of personal data.
In case of violating the registration obligation, the data controller who are obliged to register may be fined up to 1 million Turkish Liras.