The Turkish Data Protection Authority ('TDPA') announced guidance on applications to be made based on the commitments signed for cross-border transfer of personal data on 7 May 2020. Please find the Turkish version of the announcement here (only the Turkish version is available as of the publication date of this blog post).

As it is known, the TDPA had announced the minimum requirements for the commitments to be signed for cross-border transfer of personal data on 16 May 2018 (our Turkish blog post regarding this announcement can be found here). The English translation of minimum requirements for two types of commitments (one for transfers from the data controller to data controller and one from the data controller to data processor) can be found on the TDPA's website under the Legislation section.

However, until to date, the TDPA has not publicly announced its permission for any based on signed commitments although it is known that a number of applications have been submitted to the TDPA. It seems that this new announcement aims to serve as a guideline for both pending and future applications.

Recent announcements and decisions made by the TDPA make it inevitable to discuss the cross-border transfer of personal data from different perspectives. We will share our views and comments with you soon.

Originally published 07 May 2020

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.