NEWSLETTER-2019-metin

The Concepts of Personal Data, Data Processor, Data Controller and Contact Person within the scope of Personal Data Protection Legislation* Att. Sevgi Unsal Ozden Introduction The Law on Personal Data Protection (“Law”) numbered 6698, which has been issued as a part of the European Union compliance pro- cess, has been published in the Official Gazette numbered 29677 and dated 7 April 2016 and has entered into force. The Board of Personal Data Protection (“Board”) has been constituted in order to enforce this code, and the Personal Data Protection Authority (“Authority”) has been established and has come into operation. The concepts such as “Personal Data,” “Data Processor,” “Data Controller,” and “Contact Person” have been introduced through enact- ment of the Law. In this article, we shed light on these concepts, which are important for the determination of the obligations and compliance to the Law, and which are commonly confused by data controllers, especially during their compliance processes. Personal Data Personal data is defined in paragraph (g) of Article 3 of the Law as any type of information that relates to an identified or identifiable individual. Physical, social, cultural, economic and psychological in- formation are deemed as personal data, as well as first name, surname, place of birth and date of a real person. Ethnic origin, health, educa- tion and employment status, sexual orientation, family information, communication records with others, residential address, credit card information, social security number, union membership and shopping habits may also be counted as examples for personal data. * Article of September 2019