The Directive (EU) 2022/2555 on measures for a common level of cybersecurity across the Union (the “NIS2 Directive“) was published in December 2022 and entered into force on 16 January 2023. It repealed the previous Directive (EU) 2016/1148 on measures for a high common level of security of network and information systems across the Union, […]
Artificial Intelligence-Based Services and Security of Company Data
While we talk about the many benefits of AI technology, we should not ignore the data protection and privacy concerns raised by services that use this technology. After all, artificial intelligence is a technology that feeds on the data provided by users and constantly trains itself. Chatbots, which are very popular nowadays, use the content […]
New Adequacy Decision for EU-US Data Privacy Framework
The European Commission has adopted an adequacy decision for the European Union – United States (EU-US Data Privacy Framework (DPF). Within the framework of this adequacy decision; starting from July 10, 2023, personal data will be freely and securely transferred between the European Union and participating United States companies. Background of the decision Since 2021, […]
Amazon Turkey Decision and its implications on data transfers to third countries
The Turkish Personal Data Protection Board (“Board”) adopted a decision regarding Amazon Turkey at the beginning of this year, on the 27th of February (“Amazon Turkey Decision”). Amazon Turkey Decision has touched upon several issues regarding Turkish Data Protection Law but this article focuses only on the sections regarding transfer of personal data to third countries. […]
Your responsibilities to your customers as a data processor
The Turkish Data Protection Law defines a data controller as “the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data filing system”. According to the guidelines that the Turkish Data Protection Board has published on its website, “data processors […]
Data Processing Agreement (DPA) Under Turkish Data Protection Law
Data controllers who wish to entrust their data processing activity to a third party must appoint such third party as the data processor on behalf of them with a contract. The said contract under which a data controller authorizes a third party to process personal data on their behalf and in accordance with their instructions […]
