UncategorizedLegal Entities’ Liability on the Registration of the Branches and Liaison Offices to Data Controllers’ Registry

November 29, 2019by Ezgi Aydemir
data p1473066740 (1)

 

The legal entities registered within Turkey must be also registered with Data Controllers’ Registry.

 

It has been a great area what was the applicable law for branches and liaison offices for Turkey registered entities that are based outside of Turkish jurisdiction. Here below you will find the relevant information on this matter.

 

In the Personal Data Protection Law numbered 6698, a data controller defined as “a person or legal entity responsible for defining the purposes and methods of processing personal data and establishing and managing the data entry system.” According to the decisions of the Turkish Personal Data Protection Board (numbered 2018/32, 2018/75 and 2018/87), the data controllers need to be registered with the Data Controllers’ Registry. Besides, it has always been a grey area whether the legal entities registered outside of Turkey and have the branches and liaison offices in Turkey are bind with the responsibilities stated as in the Personal Data Protection Law.

 

With the decision of Turkish Personal Data Protection Board (dated on 23 July 2019 numbered 2019/225), it is revealed that the Turkish branches of legal entities which are registered outside of Turkey have to be considered as data controllers. In other words, non-Turkey based legal entities’ branches are liable for defining the scope and purposes of data processing and the establishment & management of the data entry system. Subsequently, these branches of the legal entities established in Turkey must register with the Data Controllers’ Registry without any exemptions.

 

On the contrary, the liaison offices are not obliged to register with the Data Controllers’ Registry as the liaison offices are not considered as data controllers. The liaison offices can perform marketing and feasibility activities, conduct some studies in social and cultural field, make some preparations for mergers and acquisitions between companies, follow up the job opportunities closely and provide information to the central company; however, the liaison companies are not eligible to perform commercial activity.

 

The legal entities based outside of Turkey and undertaking personal data processing activities in Turkey directly or with their branches are considered as data controllers and must register with the Data Controllers’ Registry.

Please call our Turkish lawyers based in  our Head office (London) to get further information. Our Turkish solicitors are all based in the United Kingdom and would be happy to help.

Ezgi Aydemir

Follow London Legal International

Building 3- SUITE: 123
North London Business Park,
London, N11 1GN