Data Protection

The Personal Data Protection Law (KVKK), which entered into force on April 7, 2016, and the European Union General Data Protection Regulation (GDPR), which entered into force on May 25, 2018, require individuals, companies and institutions to comply with this new data protection laws.

The Law No. 6698 on the Protection of Personal Data (“Law”) regulates the obligations of the data controller. Data controller according to the law; are natural or legal persons who determine the purposes and means of processing personal data and are responsible for the establishment and management of the data recording system.


According to the Law, companies that do not fulfill their obligations may face administrative and penal sanctions. In case of violation administrative fine between 5 thousand to 1 million Turkish Lira (TRY) per violation can be imposed, depending on the nature of the violation, and again, depending on the nature of the violation, a prison sentence of 1 to 4.5 years can be imposed.

Als GSU we are assisting our clients especially on the following issues:
• Compliance with General Principles
• Compliance with Personal Data Processing Conditions
• Preparation of Disclosure Obligation Texts and Fulfillment of Obligation
• Determining Personal Data Security Policies and Procedures (Deletion / Destruction / Anonymization)
• Data Transfer in Compliance with Law / Data Transfer to Abroad
• Ensuring Data Security and Audit Obligation
• Preparing Personal Data Processing Inventory
• Registration to the Data Controllers Registry
• Responding to the Application of the Person whose Personal Data is Processed