Personal Data Processing Inventory Preparation Guide
As it is known, the inventory of personal data processing is prepared by the data controllers (in Turkish, “Veri Sorumluları”) in accordance with the “Regulation on The Registry of the Data Controllers” published in the Official Gazette dated 30 December 2017 (in Turkish, “Veri Sorumluları Sicili Hakkında Yönetmelik”) and “Regulation on the Deletion, Destruction or Anonymization of Personal Data” published in the Official Gazette dated 28 October 2017 (in Turkish “Kişisel Verilerin Silinmesi, Yok Edilmesi veya Anonim Hale Getirilmesi Hakkında Yönetmelik”).
On 19 June 2019, Personal Data Processing Inventory Preparation Guide (in Turkish “Kişisel Veri İşleme Envanteri Hazırlama Rehberi”, hereinafter reffered to as the “Guide”) was released by the Personal Data Protection Authority (in Turkish “Kişisel Verileri Koruma Kurumu” (hereinafter referred to as the “Authority”) on its official website.
This Guide has been published in order to provide good practice examples to the data controllers for fulfilling the obligation of preparing personal data processing inventory and to be useful in preparing the inventory in question.
According to the Regulation on The Registry of the Data Controllers, in the inventory, following requirements must take place;
- Data category,
- Personal data processing purposes and legal reasons,
- Transferred receiver / receiver groups,
- Groups of data subject,
- Maximum retention time required for the purposes for which personal data is processed
- Personal data foreseen to be transferred to foreign countries,
- Technical and administrative measures taken for data security.
You may find enclosed the Turkish version of Sample of Personal Data Processing Inventory and Personal Data Processing Inventory Preparation Guide.
Our Law Firm remains at your disposal for any further clarifications you may need.