TURKISH DATA PROTECTION AUTHORITY ANNOUNCES BINDING CORPORATE RULES

Despite enactment of the Data Protection Law of Turkey on 7 April 2016 (the "DPL") and secondary legislation, cross-border data transfer has been one of the major controversial data privacy issues in Turkey. Given the significance of cross-border data transfer for operations of multinational corporations, market players has long sought a streamlined mechanism to transfer personal data abroad. On 10 April 2020, the Data Protection Authority of Turkey (the "Authority") announced that data processors would be able to adopt binding corporate rules ("BCRs") for transferring personal data to their affiliates outside Turkey.