Audit activities have been initiated by the Turkish Personal Data Protection Authority (“Authority”) to issue administrative fines to companies that violate the registration and notification obligation to the Data Controllers Registry Information System (“VERBIS”).
The Authority requests the following documents from the relevant data controller company during the audit in order to impose an administrative fine:
-
Current number of employees,
-
Financial balance sheet records,
-
Information, documents and records regarding data processing activities such as special categories of personal data processing,
If these documents and records are not submitted in due time to the Authority, an administrative fine may be imposed by the Authority by ex officio examination.
As can be understood from the said requests of the Authority, it is expected to be imposed from TRY 53,572.00 to TRY 2,678,863.00 administrative fine for companies that violate the registration obligation with VERBIS soon pursuant to Article 18/1/ç of the Personal Data Protection Law No. 6698.
We kindly inform you regarding current agenda of the Authority and we are pleased to assist you regarding your further queries and requests.
Bahar Esentürk, Senior Associate