Av. Sevcen CAN & Av. Yasemin ÇORAK
In our previous article, we explained the process of application to the controller (Please see…). In this article, we will explain the process of complaint to the Board.
Complaint to the Board:
Data subject has some rights to make a complaint to the Board if he has not obtained their requests through the application method. Data subject cannot make a complaint to the Board before consuming the application process to the data controller.
If the application is declined, the response is found unsatisfactory or is not given in due time, the data subject may file a complaint to the Board within thirty days as of he learns about the response of the controller, or within sixty days as of the application date, in any case.
Article 15 of the Law on Protection of Personal Data regulates the procedures and principles of the examination to be made by the Board. According to this Article;
i. The Board shall make the necessary examination in the matters included its scope of work upon complaint or ex officio, where it is learnt about the alleged violation. The controller shall be obliged to communicate within fifteen days the information and documents related to the subject of examination which the Board has requested, and shall enable, where necessary, on-the-spot examination.
ii. The Board shall finalise the examination upon complaint and give an answer to data subjects in sixty days as of the application date. In case the Board fails to answer the data subject’s application in sixty days, it is deemed to be rejected.
iii. Following the examination made upon complaint or ex officio, in cases where it is understood that an infringement exists, the Board shall decide that any infringement shall be remedied by the relevant controller and notify this decision to all it may concern. This decision shall be implemented without delay and within thirty days after the notification at the latest.
iv. The Board may decide that processing of data or its transfer abroad should be stopped if such operation may lead to damages that are difficult or impossible to recover and if it is clearly unlawful.
In next article, we will explain the Registry of Data Controllers.