Personal Data Protection

ERSONAL DATA PROTECTION LAW
Law Number : 6698
Date of Ratification : 24/3/2016
Published in Official Gazette : Date: 7/4/2016 Number: 29677
Published on the Law : Order: 5 Volume Number: 57

FIRST CHAPTER
Purpose, Scope and Definitions



Purpose

ARTICLE 1 – (1) The purpose of this Law is to protect fundamental rights and freedoms of persons, particularly the right to privacy, with respect to processing of personal data and to set forth obligations, principles and procedures which shall be binding upon natural or legal persons who process personal data.



Scope

ARTICLE 2 – (2) The provisions of this Law shall apply to natural persons whose personal data are processed and to natural or legal persons processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system.



Definitions

ARTICLE 3 – (1) For the purposes of this Law:

(a) “Explicit consent” means freely given, specific and informed consent,

(b) “Anonymization” means rendering personal data impossible to link with an identified or identifiable natural person, even through matching them with other data,

(c) “President” means President of the Personal Data Protection Authority,

(ç) “Data subject” (natural person concerned) means the natural person, whose personal data are processed,

(d) “Personal data” means any information relating to an identified or identifiable natural person,

(e) “Processing of personal data” means any operation which is performed on personal data, wholly or partially by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof,

(f) “Board” means the Personal Data Protection Board,

(g) “Authority” means the Personal Data Protection Authority,

(h) “Data Processor” means the natural or legal person who processes personal data on behalf of the data controller upon its authorization,

(i) “Data filing system” means the system where personal data are processed by being structured according to specific criteria,

(j) “Data Controller” means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.