The Communique on the Procedures and Principles Regarding the Personnel Certification Mechanism (“Communique”) by the Board of Protection of Personal Data (“Board”) was published and entered into force with the Official Gazette dated 06.12.2021.

We would like to emphasize that there is no legal obligation of the data controllers stipulated in the Personal Data Protection Law (“Law”) regarding the appointment of data protection officers, which is the subject to the Communique,; in other words, it is not obligatory to appoint a data protection officer within the scope of the Communique and the Law. Even if such a person is appointed, the obligations of the data controller under the Law will not be affected/reduced.

The Communique includes the certification activities to be carried out by the personnel certification institutions accredited in accordance with the (TS) EN ISO/IEC 17024 standard and authorized by the Board, and regulations on data protection officers and candidates.

As per the Communique, persons who receive the certificate of participation as specified in the Communique will be entitled to use the title of data protection officer if they are successful in the exam stipulated in the Communique.

Pursuant to the Communique, data protection officers are considered to have sufficient knowledge in respect of personal data protection legislation within the scope of the program, for which they are certified.

A data protection officer can use this title only during the validity period of his/her certificates (this period is 4 years).

Batuhan Şahmay
Partner | [email protected]
Özlem Özdemir Yılmaz
Senior Associate | [email protected]
Behiç Ateş Gülenç
Associate | [email protected]