Data Controller
"What are the obligations of a data controller under KVKK?"
Quick Answer
Under KVKK, data controllers must fulfill information (privacy notice) duties, take appropriate technical and organisational security measures, respond to data subject requests, and handle breach notifications. VERBIS registration is required only for data controllers that fall within the Board’s registration obligation (subject to exemptions/thresholds).
KVKK Compliance Requirements
Under KVKK, a data controller is the natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data recording system. KVKK sets the main rules on processing personal data in Türkiye, including lawful processing conditions, data subject rights, data security obligations, and administrative sanctions.
Key Points to Remember
- Data controllers must provide a privacy notice (information duty) to data subjects and maintain internal compliance documentation (e.g., retention & destruction policy where applicable).
- Data controller registration with VERBIS may be required
- A data controller must comply with KVKK processing conditions, and if it transfers personal data abroad, it must also comply with the cross-border transfer regime.
- Data subject rights must be respected and facilitated
Practical Implementation
In practice, data controllers should (i) map processing activities, (ii) prepare privacy notices, (iii) implement access controls and security measures, (iv) set procedures to respond to data subject applications within statutory timelines, and (v) prepare an incident/breach response plan.
The Personal Data Protection Board may impose administrative fines and other measures for non-compliance. Controllers should periodically review and update their KVKK compliance program as processing activities and regulations evolve.
Need Expert Legal Guidance?
Our experienced attorneys can help you navigate data controller obligations under Turkish law.
Schedule a Consultation