PERSONAL DATA PROTECTION LAW
Law Number : 6698
Approval Date : 24/3/2016
Published in the Official Gazette : Date: 7/4/2016 No: 29677
Law : Published in Order: Volume 5 Issue: 57
PART ONE
Purpose, Scope and Definitions
Objective
ARTICLE 1 – (1) The purpose of this Law is to protect the fundamental rights and freedoms of individuals, particularly the right to privacy, in the processing of personal data and to regulate the obligations of natural and legal persons who process personal data and the procedures and principles to be followed.
Scope
ARTICLE 2 – (2) The provisions of this Law shall apply to natural persons whose personal data are processed and to natural or legal persons who process such data wholly or partially by automatic means or by non-automatic means provided that they are part of any data recording system.
Definitions
ARTICLE 3 – (1) In the implementation of this Law
(a) “Explicit consent” means freely given, specific and informed consent,
(b) “Anonymization” means rendering personal data impossible to associate with an identified or identifiable natural person, even by matching them with other data,
(c) “President” means the President of the Personal Data Protection Authority,
(ç) “Data subject” (natural person concerned) means the natural person whose personal data are processed,
(d) “Personal data” means any information relating to an identified or identifiable natural person,
(e) “Processing of personal data” means any operation which is performed on personal data, such as the acquisition, recording, storage, retention, alteration, adaptation, disclosure, transfer, acquisition, making available, classification or prevention of the use of personal data, wholly or partially by automatic means or by non-automatic means, provided that it is part of any data recording system,
(f) “Board” means the Personal Data Protection Board,
(g) “Authority” means the Personal Data Protection Authority,
(h) “Data Processor” means a natural or legal person who processes personal data on behalf of the data controller based on the authorization granted by the data controller,
(i) “Data recording system” means the system where personal data are structured and processed according to certain criteria,
(j) “Data Controller” means the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.