APPROVAL OF THE BINDING CORPORATE RULES APPLICATION BY THE DATA PROTECTION AUTHORITY

Article 9 of the Personal Data Protection Law No. 6698 (“Law”), titled “Transfer of personal data abroad”, regulates “binding corporate rules” as one of the appropriate safeguards for the transfer of personal data abroad.

In the presence of binding corporate rules that contain provisions on the protection of personal data, which companies within a group of undertakings engaged in a joint economic activity are obliged to comply with, and which are approved by the Personal Data Protection Board (“Board”), data controllers or data processors in Türkiye can transfer personal data based on these binding corporate rules.

In order to transfer personal data abroad based on binding corporate rules, an application for approval must be submitted to the Board.

The Board evaluated the binding corporate rules application made by a Turkish company (named Sosyo-Plus Bilgi Bilişim Teknolojileri Danışmanlık Hizmetleri A.Ş.) within the scope of subparagraph (b) of the fourth paragraph of Article 9 of the Law and approved the rules in question on 20 May 2026.

Our Law Firm remains at your disposal for any further clarifications you may need.

Copyright © 2026 Cailliau&Colakel Attorney Partnership, All rights reserved.