Data Protection panel held

On 24 April 2024, the Personal Data Protection Authority (“Authority”) held a panel titled “Amendments to the Personal Data Protection Law No. 6698” including senior Authority officials and leading academics.

Panel members emphasised that the amendments should not be interpreted as allowing “unlimited data processing” or “uncontrolled data transfer abroad”. The Authority stated that both data processing and transfer would continue to be controlled and regulated under the new regime.

Cooperation agreement between TRNC and Turkey

The Authority announced that a cooperation agreement was signed with the Turkish Republic of Northern Cyprus’ (“TRNC”) Personal Data Protection Board on 18 April 2024. It stated that this protocol was signed so the two countries can exchange information to facilitate the protection of personal data.

Publication of Draft Regulation

The Authority has published the Draft Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad (“Draft Regulation”). Recent amendments have allowed for the transfer abroad of personal data by data controllers and data processors, without explicit consent, if one of three strict conditions are met: (i) A Decision on a Sufficient Level of Data Protection in the Transferee Country; (ii) presence of appropriate safeguards; or (iii) exceptional circumstances where conditions (i) or (ii) are not met.

The Draft Regulation has been published for public feedback and comments can be submitted until 20 May 2024. You can read our information note on the Draft Regulation here.

The DPA announced the following data breach notification in April: