NEWSLETTER-2019-metin

276 NEWSLETTER 2019 Consequently, while signing a data processing contract between a data controller and processor, it is significant to obtain the necessary commitments regarding the measures to be taken, to determine the destruction procedures, to determine the responsibilities and authori- zations, explicitly, to include recourse regulations, and to specify the right to audit of the data controller. Contact Person Real persons or legal entities that process personal data shall enroll in the Registry before proceeding with data processing. Data controllers residing in Turkey, and representatives of data controllers residing abroad shall submit the information of the contact person to the Registry in the course of the registration. Contact person may be appointed from inside of the legal entity, or from outside its orga- nization. The contact person is solely liable for the management of communication between the Authority and the data controller, and not authorized to represent the data controller regarding the obligations set out under the Law. Receiving the notifications given by the Authority and performing transactions regarding the Registry on behalf of the data controller, and exchanging the requests and responses between the data controller and the Authority, are examples for the obligations of the contact person. Conclusion The concepts and differences of the data controller and data pro- cessor have great importance on the (i) determination of the rights and obligations of individual or legal entities that process personal data and (ii) detection of administrative fines as foreseen in the event of violation of these obligations. As a result, understanding clearly the basic concepts of the Law by taking into consideration of the detailed examples and explanations as stipulated in the Guidelines prepared by the Authority are quite beneficial for the compliance to the Law and legal data processing.