The Data Protection Authority (“Authority”) published the “Announcement Related to the COVID-19 Outbreak” on its website on March 23, 2020.
What Does the Announcement Say?
The Authority stated that the COVID-19 outbreak has led to data controllers in the public and private sectors to take certain measures.
The Authority asserted that it felt the need to issue a statement on the deadlines for complaints, notices and data breach notifications that data controllers must follow and adhere to. The Authority underlined the following:
- Data controllers should carefully follow the deadlines for complaints, notices and data breach notifications concerning data controllers’ obligations to the Authority and data subjects.
- The Authority is monitoring various measures the data controllers have taken, such as remote working and working in rotation. Further, the Authority will take into account the extraordinary state of business while evaluating data controllers’ compliance with the time periods for each specific application and data breach notification.
You may find the Turkish version of the announcement here.
The Authority aims to prevent any unjust consequences for data controllers and data subjects due to the extraordinary effects of the COVID-19 outbreak. Data controllers are recommended to consult with the Authority in cases of data breaches or complaints.