The Place of GDPR in Türkiye

The GDPR (General Data Protection Regulation) is a regulation adopted by the European Union (EU) that sets standards for the processing and protection of personal data.

The GDPR is not directly applicable as a law in Turkey. It is a law in force in the European Union (“EU”) and is applied in EU member states and other countries that exchange data with the EU. Since Turkey is not an EU member, GDPR does not have direct legal binding in Turkey. However, Article 3 of the GDPR, known as the Territorial Scope, determines whom and under what conditions the GDPR applies. Accordingly, organizations outside the EU must comply with the GDPR when processing the personal data of EU residents. This affects many international companies that process personal data of EU residents and offer services to the EU market. An organization located outside the EU must comply with the GDPR if it tracks the behavior of EU residents by offering goods or services in the EU or monitoring their behavior, and this requires personal data processing. For example, an online retailer serving internet users in the EU must comply with the GDPR.

There is no official Turkish name for the GDPR. It is commonly referred to as the General Data Protection Regulation. In some sources, it is also called the European Union General Data Protection Regulation or the General Regulation on the Protection of Personal Data. The official text of the regulation is available in English, French, and German. Although it has been translated into Turkish by the EU, this translation is not an official translation. Therefore, the most accurate and official name of the GDPR is General Data Protection Regulation.

In conclusion, due to Turkey’s need for data exchange with the EU and compliance with EU standards, relevant companies and organizations in Turkey may be required to comply with the GDPR. In this case, businesses in Turkey must ensure compliance with both KVKK and GDPR requirements.