The Turkish Personal Data Protection Authority (DPA) has introduced the concept of data protection officers with the Communiqué on the Procedures and Principles Regarding the Personnel Certification Mechanism (“Communiqué“). With its recent decision, the DPA has stipulated the procedures and principles regarding the certificate of participation that must be obtained by data protection officers.
The DPA’s Communiqué regarding certification as a data protection officer was published in the Official Gazette dated 6 December 2021; it entered into force on the same date. You may access our legal alert on the Communiqué here. With its decision No. 2021/1296 dated 23 December 2021, the DPA determined the procedures and principles (“Procedures and Principles“) regarding the certificate of participation that must be obtained to become a data protection officer. The Procedures and Principles are available online here (in Turkish).
What do the Procedures and Principles cover?
As per the Communiqué, to become a data protection officer, individuals must participate in certain training sessions and obtain relevant certifications. Individuals who meet the training/certification requirements will be entitled to take the exam. Those who successfully pass the exam become data protection officers.
The DPA has specified the details for obtaining a certificate of participation with the Procedures and Principles. Individuals who want to become a data protection officer must undertake a total of 40 hours of training. Following the training, the participants take the exam. Those who score above 70% will be deemed successful. Those who successfully pass the exam will receive a training report and the certificate of participation approved by the DPA.
The regulations on data protection officers have started to gain clarity with the Procedures and Principles. In this respect, all relevant companies that process personal data must follow the DPA’s announcements and regulations on data protection officers.