A New Era in Cross-Border Data Transfers in Turkey
In the context of the reform of the Turkey’s Personal Data Protection Law No. 6698:
- the Regulation on the Procedures and Principles on the Cross-Border Personal Data Transfers was published on the Official Gazette and entered into force on July 10, 2024;
- the Turkish data protection authority also published the four standard contracts (“SCCs“) together with the BCR application forms on 10 July 2024.
Controllers and processors can now use any of the appropriate safeguards such as SCCs or BCR to transfer personal data out of Turkey
Deadline for compliance: September 1, 2024
One of the most significant changes is that controllers can no longer rely on consent for transfers out of Turkey.
Controlers have until September 1, 2024, to align their practices with the new mechanisms.