NEWSLETTER-2017

335 PERSONAL DATA PROTECTION Sanctions Pursuant toArticle 135 of the Turkish Criminal Code, the employ- ers who obtain and keep personal data by breaching the abovemen- tioned provisions, shall be imprisoned from one to three years. The sanction shall be increased by one-half if the data is subject to special information. In addition, Article 17 of the LPPD regulates the reasons for administrative fines. In accordance with this article, breach of the obligation to inform the employees may cause fines to be imposed of TRY 5.000 up to TRY 100.000; breach of the obligations regarding data security may cause fines to be imposed of TRY 15.000 up to TRY 1.000.000; breach of the decisions of the Board regarding complaints of the employees may cause fines to be imposed of TRY 25.000 up to TRY 1.000.000; breach of the obligation to notify and to register with the Data Supervisors Registry may cause fines of between TRY 20.000 up to TRY 1.000.000 for administrative fines. In addition, it should be emphasized that in the group or affiliate companies, each company who determines the purposes of the usage of data and who organizes the records shall be deemed as Data Supervisor and shall be liable for their acts, individually. Conclusion Employers should eliminate the data they have in their system im- mediately, should obtain written consents from the relevant employees and from now on, should limit themselves to specific purposes while obtaining information from their candidates and/or employees. They should adapt their workplace organization in accordance with the LPPD, should educate their personnel immediately, as well as audit their system frequently. Within this scope, employers should deter- mine whether the data to be obtained is actually necessary, useful and relative for the fulfilment of the contract and/or performance of the employee’s mission, as a reflex; otherwise, employers shall be faced with considerable fines after 26.03.2018.