The Regulation Regarding Working Procedures and Principles of the Board of Personal Data Protection Authority (“Regulation”) was published in the Official Gazette dated 16 November 2017.
Working procedures and principles, duties and powers of the Board of the Personal Data Protection Authority has been defined by the Regulation.
The Regulation was published in accordance with the Articles 22 and 23 of the Protection of the Personal Data Law Nr. 6698 (“Law”) which was published in the Official Gazette dated 7th April 2016.
The Board of the Personal Data Protection Authority
In the second section of the Regulation, working procedures and principles, duties, powers and responsibilities of the Board of the Personal Data Protection Authority (the “Board”) has been described.
The Board is the decision making body. The Board shall perform and exercise its duties and powers conferred on it by the Law independently and under its own responsibility. No other authority, office or person can give orders and instructions, recommendations or suggestions to the Board on matter falling within the scope of its duties and powers. Therefore the main principle is the independency of the Board.
The President, as the head of the Board, is responsible for the implementation of the decisions granted by the Board and also responsible for the general management and the representation of the Board.
Office term of the board members is four years. Members may be re-elected after the expiry of their term. The person who is elected to replace a member, whose post ends before the expiration of his term for any reason, shall complete the remaining term in the Board.
Duties and Powers of the Board
Several significant matters regarding the duties and powers of the Board are as follows:
- To ensure that the personal data are processed in compliance with fundamental rights and freedom,
- To render decisions about the complaints of those claiming that their rights with regard to personal data protection have been violated,
- To examine whether the personal data are processed in compliance with the laws, upon complaint, or ex officio and to take temporary measures, if necessary,
- To draft regulatory acts in order to lay out the liabilities concerning data security,
- To determine the adequate measures which are necessary for processing of the special personal data
- To ensure that the registry of the data supervisors is maintained,
- To determine the procedures and principles regarding the erasure, destruction or anonymity of the personal data,
- To draft regulatory acts on the matters concerning duties, powers and responsibilities of the data supervisor and the representative
- To determine and announce the countries which have and do not have enough and adequate protection measures for transferring the personal data abroad,
- To specify the sectoral implementation principles related to the protection, processing and security of the personal data and also to determine the procedures and principles regarding the matters of accreditation, certification, training and guidance with regards to the personal data protection,
- To decide on the administrative sanctions, which are foreseen in the applicable laws,
- To discuss and decide on the recommendations with regards to the purchase, sale and lease of the properties.
The Regulation has come into force on its publication date in the Official Gazette on 16 November 2017.