Guidelines for Personal Data Applications and Procedures in Turkey

When making a personal data application, you can obtain detailed information about the purpose, scope, and duration of the processing of your personal data, and make requests such as protection or correction of your data. By following these steps, you can complete the personal data application process in Turkiye.

In Turkey, regardless of domestic or international aspects, it is necessary to exhaust specific legal avenues to make requests regarding personal data and enforce sanctions. According to the current Law on the Protection of Personal Data and the Communique on Principles and Procedures for Application to the Data Controller, certain procedures need to be fulfilled. These are as follows:

Application to the Data Controller Before making a personal data application, you must decide how to apply to the data controller. Typically, methods such as email (the email address must be previously registered with the data controller for a valid application), registered electronic mail (KEP), registered mail with return receipt requested, or sending via a notary are used to apply to the data controller.

Additionally, some companies may accept applications through online application forms or customer services, but these might not provide guaranteed evidence from an evidential perspective.

Compulsory Requirements in the Application Form:

a) Name, surname, and signature if the application is written,
b) Turkish Republic Identification Number (for Turkish citizens), nationality for foreigners, passport number, or any identification number if available,
c) Residence or business address for notification purposes,
ç) If available, the electronic mail address, telephone, and fax number for notification,
d) Subject of the request must be included.

Information and documents related to the subject are attached to the application.
In written applications, the date the document was delivered to the data controller or their representative is the application date.

In applications made through other methods, the date the application reached the data controller is considered the application date.

Waiting for Response and Follow-Up

After receiving your application, the data controller is obliged to respond within a certain period. If no response is received from the data controller within 30 days after the application or if the response given within 30 days is unsatisfactory, an application can be made to the Personal Data Protection Authority.

Application to the Personal Data Protection Authority

If the data controller fails to respond within the legally defined period or does not meet the requests, applying to the Personal Data Protection Authority with a new petition including all documents allows enforcement actions to be taken.

Applications can be made to the Personal Data Protection Authority via their official website or in writing.

If you believe your personal data has been breached and you wish for actions such as correction, deletion, or destruction of your data, you can contact us at [email protected] to seek support.


How can i edit or delete my personel data in Turkey?
How can I find out if my data is being processed?

Leave a Reply

Your email address will not be published. Required fields are marked *