The Communique on Procedures and Principles to Comply in Meeting the Liability of Clarification (“Communique”) prepared in line with the Article 22 of the Protection of Personal Data Law no.6698 with the purpose of setting the procedures and principles to be complied in meeting the liability of clarification by data controllers and authorized people has been published in the Official Gazette dated 10.03.2018.
. Scope of the liability of clarification
Article 4 - (1) Pertaining to the Article 10 of the Law, data controller or the person it authorized is obligated to inform the related people. While undertaking that task, the act of informing handled by the data controller or authorized person should at least include the following:
a) The identity of the data controller and if any, its representative,
b) The purposes for which personal data will be processed,
c) The persons to whom processed personal data might be transferred and the purposes for the same,
ç) The method and legal cause of collection of personal data,
d) The related person’s other rights set forth under article 11.
. Procedures and principles
Article 5 – (1) Procedures and principles provided below should be complied during the fulfilment of the clarification liability by the data controller or its authorized person through a physical or electronical environment such as verbal, written, voice record and call centre:
a) According to the explicit consent of the related person or terms within the Law, the liability of clarification should be fulfilled in all circumstances.
b) In case the purpose of personal data registry changes, the liability of clarification should be fulfilled at first.
c) If personal data are entered with different purposes in the data controller’s various units, the liability of clarification should be fulfilled by each unit.
ç) If there is an obligation of registration entry, the information to be given to the related person must be compliant with the information entered to the Registry.
d) The liability of clarification is not upon the will of related person.
e) Data controller is liable for the proving the fulfilment of clarification liability.
f) If personal data registration activity is performed based on the term of explicit consent, clarification liability and obtaining explicit consent should separately be handled.
g) The purpose of the personal data registry to be disclosed under the liability of clarification should be certain, clear and legitimate.
ğ) The notification should have a clear, simple and well understood wording.
h) During the fulfilment of clarification liability, the legal cause should apparently be indicated.
ı) The purpose for transmission and receiver groups should be identified.
i) The way how personal data were obtained, whether fully or partly automatically or by non-automatic ways, should apparently be indicated.
j) During the fulfilment of clarification liability, misleading or inaccurate information cannot be used.
.Clarification liability in case the personal data was not obtained from the related person
Article 6 – (1) In case the personal data was not obtained from the related person;
a) In a reasonable period as of the obtainment of personal data,
b) In the circumstance that the personal data will be used for communicating with the related person, during the first communication,
c) In case the personal data is transmitted, at the time the first transmission takes place at the latest, liability of clarifying the related person should be performed.
The Communique has been enacted as of 10.03.2018.
Our explanations provided above include general information on the issue. No responsibility can be claimed against EY and/or Kuzey YMM ve Bağımsız Denetim A.Ş. due to the implications arising from the context of this document or emerging with respect to its context.
Kuzey YMM ve Bağımsız Denetim A.Ş.