The Data Protection Board ("Board") of Turkey has the right to bring exemptions for the registration to the Data Controllers Registry i.e. VERBIS as per Article 16 of the Personal Data Protection Law numbered 6698 ("Law").

Based on the said Article, the Board has brought exemption to various data controllers for the registration to the VERBIS system with its earlier resolution numbered 2018/32 and published in the Official Gazette dated 15 May 2018 and more recent resolutions numbered 2018/68, 2018/75 and 2018/87, which were published in the Official Gazette dated 18 August 2018.

These data controllers that can benefit from the exemption are as follows:

  • Data controllers that process personal data only through non-automated means provided that it is a part of any filing system,
  • Public notaries,
  • Associations, foundations, trade unions that process only the data of their own employees, members, related persons and donators limited to their field of activity & purpose and in compliance with the applicable legislation,
  • Independent accountants and sworn financial public accountants,
  • Lawyers,
  • Political parties,
  • Customs brokers operating pursuant to the Customs Law numbered 4458 and licensed customs brokers,
  • Mediators,
  • Natural and legal person data controllers having annual balance sheet less than TRY 25,000,000 and having less than 50 employees in a year and whose main activities do not cover processing of sensitive personal data.

For the rest of the data controllers, the related time periods for the registrations are also envisaged under the Board's resolution numbered 2018/88 published in the Official Gazette dated 18 August 2018. Please see the following table for the related dates:


As LBF Partners, we offer legal services to our clients on all aspects of data protection law, including but not limited to:

  • Carrying out compliance projects in order to ensure that all obligations imposed to data controllers under Personal Data Protection Law Number 6698 are fulfilled,
  • Preparing privacy and data protection policies, data processing inventories, data retention and destruction policies and all other documentation required under the Law and secondary legislation,
  • providing legal assistance for registration to Data Controllers Registry,
  • providing in-house trainings on data protection law in order to increase awareness of the employees.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.