Turkish DPA announce draft regulation on personal data
Turkey's Data Protection Authority recently published the long-awaited draft of the Regulation on Deletion, Destruction and Anonymization of Personal Data.
The Draft Regulation outlines proposed details of requirements for data controllers, as well as definitions and exceptions. Notably, it proposes that if deleting personal data will lead to an inability to access and use other data in the system, the personal data will be deemed to have be deleted, provided other conditions are met.
The Draft Regulation also addresses internal procedures for data controllers to delete, destroy, or anonymize personal data. It proposes that data controllers that are subject to registry obligations be required to prepare a Personal Data Retention and Erasure Policy. Failure to delete or anonymize personal data could result in imprisonment for between one to two years.