IDC Names Securiti a Worldwide Leader in Data Privacy


LPPD - Turkey Law on the Protection of Personal Data

Get LPPD compliant with the most comprehensive PrivacyOps platform

Last Updated on November 28, 2023

Privacy Center
Fully Functional In Minutes

Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.


Turkey was one of the first countries to start the trend of legislating data protection. Turkey published “Law on the Protection of Personal Data No. 6698 (LPPD) covering personal data protection on April 07, 2016.” The LPPD is based on the European Union Data Protection Directive 95/46/EC and has several similarities with the GDPR. It aims to give data subjects’ control over their personal data and outlines obligations that organizations and individuals dealing with personal data must comply with. The LPPD has also provided comprehensive guidelines for the transfer of personal data to third parties.

The solution enables organizations to comply with LPPD regulation through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Turkey LPPD Compliance Solution supports enterprises in their journey toward compliance with the LPPD through automation, enhanced data visibility, and identity linking.

See how our comprehensive PrivacyOps platform helps you comply with various articles of the LPPD.


Customize a data subject rights request portal for seamless customer care

Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.

dsr portal
dsr handling

Automate data subject access request handling

Article: 10, 11

The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the access requests.

Secure fulfillment of data access

Articles: 11, 13

The information is disclosed through a secured and centralized point to data subjects within the limited timeframe.

data access request
data rectify request

Automate processing of rectification requests

Article: 11(1)(d)

Fulfill data rectification requests using automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate erasure requests

Articles: 7, 11(1)(e)

Fulfill data subjects’ erasure requests, swiftly, through automated and flexible workflows.

data erasure request
personal data monitoring tracking

Continuous monitoring and tracking

Articles: 4, 5, 10, 13

Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning data.

Automate People Data Graph

Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.

personal information data linking
Turkey LPPD Cookie Consent Compliance

Meet cookie compliance

Article: 5

Automatically scan the web properties within your organization and create cookie categories. Build customizable cookie consent banners in accordance with the applicable cookie requirements.

Monitor and track consent

Articles: 5, 6(2), 8(1)(2), 9(1)(2)

Track consent revocation of data subjects to prevent the transfer or processing of data without their consent.

Universal Consent Management Dashboard
LPPD Readiness Assessment

Assess LPPD readiness

Articles: 4, 10, 12, 16

Measure your organization’s posture against LPPD’s requirements with the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system. It allows you to identify gaps in compliance and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against LPPD requirements.

Map data flows

Track data flows in your organizations by having a centralized catalogue of internal data process flows as well as flows for data transfer to service providers and other third parties.

LPPD Data Flow Mapping
Vendor Risk Management

Manage vendor risk

Articles: 8, 9, 12

Track, manage and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.

Breach Response Notification

Article: 12(5), Data Protection Board Decision 2019/10

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

breach response notification

Key data subject rights encoded within LPPD

Access: Data subjects have the right to access their personal information held by an organization.

Correction: Data subjects have the right to request the rectification of their incomplete and/or inaccurate personal data held by an organization.

Deletion: Data subjects have the right to request the erasure of their personal data under the conditions laid down under Article 7 of LPPD.

Consent: The collection, use, or disclosure of personal data must take place with the consent of the concerned data subject. Data subjects also have the right to withdraw consent.

Quick facts about LPPD

The LPPD requires controllers to register to the VERBIS, which is the data registry system in Turkey.
The national data protection authority is the Kiisel Verileri Koruma Kurumu (Personal Data Protection Authority).
The LPPD applies to Turkey's entities and any foreign natural or legal entity collecting or processing Turkish originated data or Turkish data subjects' personal information regardless of their physical location.
All necessary organizational and technical measures should be taken by the controller to fulfill the obligation stated under the LPPD.
Administrative fines are increased each year based on the re-evaluation schedules published in the Official Gazette with Tax Procedural Law Communiques.

Forrester Names Securiti a Leader in the Privacy Management Wave Q4, 2021

Read the Report
Forrester Wave

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report
IDC MarketScape

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.


Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend