Upcoming Registration Deadlines Under Turkey’s Data Protection Law

The Personal Data Protection Board, established by the TDPL, extended the initial deadline for data controllers to register with VERBIS from December 31, 2019, to a various dates in 2020 (depending on the type of organization). Below, we provide a chart of the current registration deadlines.

Once a company is registered with VERBIS, the Turkish Data Protection Authority will have the ability to regulate and securitize registered data controllers. This could spur compliance with the TDPL. The public nature of the registry could also spur interest from individuals and increased exercise of individuals’ rights under the TDPL.

Registration with VERBIS can be completed online here. To complete registration, data controllers are required to provide information on their data process, including the purpose of the processing and the recipients to which the personal data may be transferred.² Any covered data controller (whether a natural or legal person) who does not register with VERBIS by the below-specified deadlines, may be fined 20,000 Turkish Lira (TL) to 1,000,000 TL.³

Turkey’s Personal Data Protection Board has extended the registration deadlines as follows:⁴

¹ Certain data controllers are exempt from this registration requirement, including persons processing data by non-automated means under certain conditions, certain political parties, certain lawyers and others. A full list of data controllers exempt from the registration requirement can be found here.

² Please see Article 16(3) of the TDPL for a full list of the required information.

³ Please see Article 18(d) of the TDPL.

⁴ Please click here to view the original Personal Data Protection Board resolution.

⁵ Please see Article 6(1) of the TDPL for a full list of special categories.