LPPD - Turkey Law on the Protection of Personal Data

Get LPPD compliant with the most comprehensive PrivacyOps platform

Last Updated on نوفمبر 29, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

See a demo
Schedule your demo today

Turkey was one of the first countries to start the trend of legislating data protection. Turkey published “Law on the Protection of Personal Data No. 6698 (LPPD) covering personal data protection on April 07, 2016.” The LPPD is based on the European Union Data Protection Directive 95/46/EC and has several similarities with the GDPR. It aims to give data subjects’ control over their personal data and outlines obligations that organizations and individuals dealing with personal data must comply with. The LPPD has also provided comprehensive guidelines for the transfer of personal data to third parties.

The solution

securiti.ai enables organizations to comply with LPPD regulation through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Turkey LPPD Compliance Solution

securiti.ai supports enterprises in their journey toward compliance with the LPPD through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various articles of the LPPD.


 

Customize a data subject rights request portal for seamless customer care

Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

Turkey LPPD dsr portal
Turkey LPPD dsr handling

Automate data subject access request handling

Articles: 10, 11

The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the access requests.

Secure fulfillment of data access

Articles: 11, 13

The information is disclosed through a secured and centralized point to data subjects within the limited timeframe.

Turkey LPPD data access request
Turkey LPPD data rectify request

Automate processing of rectification requests

Articles: 11(1)(d)

Fulfill data rectification requests using automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate erasure requests

Articles: 7, 11(1)(e)

Fulfill data subjects’ erasure requests, swiftly, through automated and flexible workflows.

Turkey LPPD data erasure request
Turkey LPPD personal data monitoring tracking

Continuous monitoring and tracking

Articles: 4, 5, 10, 13

Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning data.

Automate People Data Graph

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

Turkey LPPD personal information data linking
Turkey LPPD Cookie Consent Compliance

Meet cookie compliance

Articles: 5

Automatically scan the web properties within your organization and create cookie categories. Build customizable cookie consent banners in accordance with the applicable cookie requirements.

Monitor and track consent

Articles: 5, 6(2), 8(1)(2), 9(1)(2)

Track consent revocation of data subjects to prevent the transfer or processing of data without their consent.

Turkey LPPD Universal Consent Management Dashboard
LPPD Readiness Assessment

Assess LPPD readiness

Articles: 4, 10, 12, 16

Measure your organization’s posture against LPPD’s requirements with the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system. It allows you to identify gaps in compliance and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against LPPD requirements.

Map data flows

Track data flows in your organizations by having a centralized catalogue of internal data process flows as well as flows for data transfer to service providers and other third parties.

LPPD Data Flow Mapping
Turkey LPPD Vendor Risk Management

Manage vendor risk

Articles: 8, 9, 12

Track, manage and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.

Breach Response Notification

Article: 12(5), Data Protection Board Decision 2019/10

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

Turkey LPPD breach response notification

Key data subject rights encoded within LPPD

Access: Data subjects have the right to access their personal information held by an organization.

Correction: Data subjects have the right to request the rectification of their incomplete and/or inaccurate personal data held by an organization.

Deletion: Data subjects have the right to request the erasure of their personal data under the conditions laid down under Article 7 of LPPD.

Consent: The collection, use, or disclosure of personal data must take place with the consent of the concerned data subject. Data subjects also have the right to withdraw consent.

Quick facts about LPPD

1
The LPPD requires controllers to register to the VERBIS, which is the data registry system in Turkey.
2
The national data protection authority is the Kiisel Verileri Koruma Kurumu (Personal Data Protection Authority).
3
The LPPD applies to Turkey's entities and any foreign natural or legal entity collecting or processing Turkish originated data or Turkish data subjects' personal information regardless of their physical location.
4
All necessary organizational and technical measures should be taken by the controller to fulfill the obligation stated under the LPPD.
5
Administrative fines are increased each year based on the re-evaluation schedules published in the Official Gazette with Tax Procedural Law Communiques.
IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New