ERDEM-NEWSLETTER-2018-metin

The General Data Protection Regulation in Force* Att. Ecem Susoy Uygun Introduction The General Data Protection Regulation (“GDPR” or “Regulation”) 1 that was approved by the European Union (“EU”) Parliament and entered into force in 2016 has started to be applied as of May 25, 2018. The GDPR lays down rules relating to the protec- tion of natural persons (“data subjects”) with regard to the processing of personal data, and rules relating to the free movement of personal data. With this Regulation, it is intended to protect the privacy of the data subjects more strictly, and to reorganize data privacy laws across Europe. Also, it is worth to note that, international companies, as well as Turkish companies, are under the obligation to comply with the GDPR, provided that their activities fall under the scope of the GDPR. Scope of the GDPR Material Scope Pursuant to Article 2 of the GDPR, the Regulation does not apply to the processing of personal data: (i) in the course of an activity that falls outside the scope of EU law; (ii) by the member states of the EU (“Member States”) when carrying out activities that fall within the scope of Chapter 2 of Title V of the Treaty on European Union; (iii) by a natural person in the course of a purely personal or household activity; (iv) by competent authorities for the purposes of the preven- tion, investigation, detection or prosecution of criminal offences, or * Article of May 2018 1 Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data, and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), http://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uri=CELEX:32016R0679 (Access date: 28.05.2018).