Kişisel verilerin yurtdışına aktarımı ile ilgili son zamanlarda yaşanan sorunlar ve ağır yaptırımlara hükmedilen Kurul kararları, konunun önemini artırmış ve Kurul tarafından bir kamuoyu duyurusu yayınlanmıştır. Kanaatimizce, Kurul’un özellikle tartışma yaratan 108 Sayılı Sözleşme uyarınca aktarım ile ilgili sizleri daha önce bilgilendirdiğimiz 22.07.2020 tarihli kararı, bu kamuoyu duyurusunun yapılmasını gerekli kılmıştır.
In summary, in this direction;
Pursuant to Article 9 of the Law and other related articles, it has been stated by the Board that the publication of the countries with adequate protection can be realized after a long study, and that the list that will emerge will have to be constantly updated as a result of possible developments.
It was stated that the principle of reciprocity would also be taken into account in determining the safe country.
In accordance with the Convention no. 108, it is stipulated that the states party to the Convention cannot prohibit or restrict personal data transfers to other parties on the grounds of the protection of private life, or restrict it by providing a special permission mechanism, but it does not allow the parties to make arrangements in their domestic laws to prohibit transfers of a domestic or transnational nature in certain circumstances. removed was emphasized.
It has been stated that a country's becoming a party to Convention No. 108 will have a positive effect on reliability assessment. It was emphasized that it is necessary to apply to the Board with the undertakings to be signed for data transfer to an unsafe country, that the content of these undertakings should be accurate and detailed, and a separate notification is made on the Institution's website.
It has been reiterated that the binding company rules are a correct method that can be applied by multinational companies in data transfer abroad.
It is stated that if there is a regulation regarding the transfer of personal data abroad in the current laws and in the international agreements duly put into effect, it is stated that this regulation will be acted upon, and the Banking Law is given as an example.
It was reminded that the process that requires the permission of the Board in data transfer abroad, which is seen as a problem in the public, is subject to the mandatory provision in Article 9.
Click for the full text of the decision.
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.