(1) The purpose of this By-Law is to establish the procedures and principles regarding the implementation of Article 9 of the Personal Data Protection Law No. 6698 dated 24/03/2016, which regulates the transfer of personal data abroad.
Chapter 1 (Art. 1 - 4) — Initial Provisions
(1) The provisions of this By-Law shall apply to data controllers and data processors involved in the transfer of personal data abroad in accordance with Article 9 of the Law No. 6698.
(1) This By-Law is issued pursuant to Article 9(11) and Article 22(1)(e) of the Law No. 6698.
(1) For the purposes of this By-Law, the following definitions shall apply:
- a) President: The President of the Personal Data Protection Authority;
- b) Data subject: A natural person whose personal data is processed;
- c) Law: The Personal Data Protection Law No. 6698 dated 24/3/2016;
- ç) Personal data: Any information relating to an identified or identifiable natural person;
- d) Processing of personal data: Any operation which is performed on personal data, wholly or partially, by automated means or non-automated means which provided that form part of a data filing system, such as collection, recording, storage, protection, alteration, adaptation, disclosure, transfer, retrieval, making available for collection, categorization, preventing the use thereof;
- e) Transfer of personal data abroad: The transmission of personal data from a data controller or data processor under the Law No.6698 to a data controller or data processor established abroad, or making such data accessible to them by any other means;
- f) Board: The Personal Data Protection Board;
- g) Authority: The Personal Data Protection Authority;
- ğ) Data exporter: A data controller or data processor transferring personal data abroad;
- h) Data importer: A data controller or data processor in a foreign country receiving personal data from the data exporter;
- ı) Data processor: A natural or legal person who processes personal data on behalf of the data controller upon its authorisation;
- i) Data controller: A natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system.
(2) For the definitions not covered in this By-Law, the definitions provided in the Law and relevant legislation shall apply.