DATA PROTECTION AUTHORITY LOOSENS DATA PRIVACY RULES AS CORONAVIRUS CONTINUES TO SPREAD
Due to escalating concerns around the spread of the Coronavirus (Covid-19) pandemic in Turkey, the Data Protection Authority of Turkey (the "DPA") made an announcement on 23 March 2020 regarding its re-assessment of time periods set out under the Data Protection Law numbered 6698 and its secondary legislation in an effort to provide a certain degree of flexibility to private and public data controllers.
Pursuant to the data privacy legislation, data controllers are required to notify both the DPA and the relevant individuals regarding any data breach within 72 hours (at the latest) after becoming aware of the breach. Also, data controllers should finalise and respond to the applications of individuals (e.g. applications for rectification, erasure, destruction and anonymisation of personal data) within shortest period of time, but not later than 30 days as of the date of such application. Failure to comply with these time periods may lead to monetary fines.
According to the announcement made on 23 March 2020, DPA notifies that it will take into account the extraordinary circumstances caused by the Coronavirus outbreak on a case by case basis when assessing time periods regarding any data privacy breach notification or application.