The Data Protection Board (“Board”) has rendered 3 (three) important decisions regarding “data controller’s obligation to take necessary technical and administrative precautions for protection of personal data” and “requirement to notify the data breach as early as possible”, all of which are announced at the Board’s web site on the date of 3 July 2019 (“Decisions”).
Due to non-compliance with taking necessary administrative and technical precautions within the scope of Article 12/1 of the Data Protection Law numbered 6698 (“Law”) and requirement to inform data breach as early as possible within the scope of Article 12/5 of the Law, the Board has applied the following administrative monetary fines in accordance with Article 18/1-b of the Law:
- TRY 550.000 to Clickbus Seyahat Hizmetleri A.Ş pursuant to its decision dated 16.05.2019 and numbered 2019/141,
- TRY 1.450.000 to Marriott International Inc. pursuant to its decision dated 16.05.2019 and numbered 2019/143,
- TRY 550.000 to Cathay Pacific Airway Limited pursuant to its decision dated 16.05.2019 and numbered 2019/144.
You may find detailed information about the Decisions under the Board’s official web site (www.kvkk.gov.tr).
Please let us know if you have any queries.