(1) The purpose of this By-Law is to determine principles and procedures regarding erasure, destruction and anonymization of personal data processed wholly or partially by automated means or by non-automated means which provided that form part of a data filing system.
Chapter 1 (Art.1 - 4) — Purpose, Scope, Legal Basis and Definitions
(1) Provisions of this By-Law shall apply to data controllers in accordance with Article 7 of the Personal Data Protection Law No. 6698 and of 24/03/2016.
(1) This By-Law is issued on the basis of Article 7(3) and sub-paragraph (e) of Article 22(1) of Personal Data Protection Law No. 6698.
(1) For the purposes of this By-Law:
- a) “Recipient group” means category of natural or legal persons to which the personal data are transferred by the data controller,
- b) “User concerned” means persons who process personal data within the organization of the data controller or upon authorization and instructions received from the data controller, other than the person or department which is responsible for the technical storage, protection and back up of personal data,
- c) “Disposal” means erasure, destruction or anonymization of personal data,
- ç) “Law”: Personal Data Protection Law No. 6698 and of 24/3/2016,
- d) “Recording medium” means any type of environment that keeps the personal data processed wholly or partially by automated means or non-automated means which provided that form part of a data filing system,
- e) (Amendment:OG-28/4/2019-30758) “Personal data processing inventory” means the inventory which are detailed by explanations of the followings: personal data processing activities of data controllers according to their business processes; purposes and legal ground of personal data processing; data category; maximum data storage period required for the purposes formed relating to the recipient group to whom the data are transferred and with data subject groups, and for personal data processing; personal data envisaged to be transferred to foreign countries; and measures taken relating to the data security,
- f) “Personal data storage and disposal policy” means the policy which data controllers issues as a basis for erasure, destruction and anonymization of personal data and determination of maximum storage period for the purpose for which personal data are processed,
- g) “Board” means Personal Data Protection Board,
- ğ) “Periodic Disposal” means the erasure, destruction or anonymization process which is determined in the personal data storage and disposal policy and to be carried out periodically ex officio, in the event that all of the conditions for processing laid down in the Law no longer exist,
- h) “Registry” means Data Controllers’ Registry kept by Personal Data Protection Authority,
- ı) “Data filing system” means the filing system where personal data are processed by being structured according to specific criteria,
- i) “Data Controller” means the natural or legal person who determines the purpose and means of processing personal data and is responsible for the establishment and management of the data filing system,
(2) For the definitions not included in this By-Law, the definitions in the Law shall apply.