2022 Legislative Predictions about Data Protection for Turkey
Turkey celebrated the fifth year of its first-generation data protection code in 2021, which has made bold moves to enhance Turkish data protection culture. In 2022, eyes will be on the march toward the revision of the Turkish Data Protection Act, a move that appears to be gaining momentum. It is possible we will see an act more compliant with the EU’s third-generation regulation, the GDPR.
One of the Turkish presidency’s strategic aims in the 11th Development Plan is the revision of the Turkish Data Protection Act to comply with EU standards. The Ministry of Justice correspondingly set the timeline for the reform process. The legislation is anticipated to be enacted in April 2022 after receiving public opinion. Turkey will likely follow the same path as the EU by adopting a risk-based approach and the accountability principle with this reform package. These adoptions may be considered the essence of the prospective act.
As for the details, conditions for processing special categories of personal data that are challenging in Turkey’s corporate world will be readjusted in harmony with the GDPR. Moreover, the means for transfers of personal data abroad as provided in the law in force will possibly be extended with novel appropriate safeguards such as BCRs, codes of conduct and approved certifications. Another critical prospective revision might be presented in the increase of the current administrative fines that are insufficient to enforce the law effectively. In sum, the new legislation package may prove that Turkey will be increasingly considered a strict follower of countries with relatively more harmonized data protection regulations.
This is originally published in IAPP White Paper: 2022 Global Legislative Predictions
