GDPR Administrative Fines 2023 | Lawyer in Izmir
Administrative Fines
Law No. 6698 Personal Data Protection Law This is regulated by Article 18 of the Law on Misdemeanors. The administrative fines, which ranged from 10,000 TL to 1,000,000 TL as of 2016 (the effective date of the law), have increased annually in line with the published renewal rates. For the updated administrative fine rates for 2023 related to the misdemeanors regulated in Article 18, please refer to the table below.
| Personal Data Protection Law (KVKK) Sanctions (KVKK Article 18) | Administrative Fine Amount (Law) | Administrative Fine Amount 2022 | Administrative Fine Amount 2023 |
|---|---|---|---|
| Those who fail to fulfill their obligation to provide information (18/1-a) | 5,000 – 100,000 TL | 13,391 – 267,883 TL | 29,852 – 597,191 TL |
| Obligations regarding data security those who do not fulfill (18/1-b) | 15,000 - 1,000,000 TL | 40,179 – 2,678,863 TL | 89,571 – 5,971,989 TL |
| Those who fail to comply with the decisions made by the board. (18/1-c) | 25,000 - 1,000,000 TL | 66,965 – 2.678.863 TL | 149,285 – 5,971,989 TL |
| Those who violate the registration and notification obligations to the Data Controllers Registry. (18/1-c) | 20,000 - 1,000,000 TL | 53,572 – 2.678.863 TL | 119,428 – 5,971,989 TL |
Furthermore, the law stipulates that if the offenses specified in Article 18 of the Law are committed within public institutions and organizations, or professional organizations with the status of public institutions, disciplinary action will be taken against the civil servants and other public officials working in the relevant public institution or organization, as well as those working in professional organizations with the status of public institutions, upon notification by the Board, and the outcome will be reported to the Board.
The amounts of administrative fines were published with the announcement of the Personal Data Protection Authority dated 18.01.2022.
According to the table prepared by the institution from here You can reach us.
Crimes Regulated Under the Turkish Penal Code
Recording personal data
Article 135- (1) Anyone who unlawfully records personal data shall be sentenced to imprisonment for one to three years. (2) If the personal data relates to the political, philosophical or religious opinions, racial origins, moral inclinations, sexual lives, health status or trade union affiliations of individuals in violation of the law, the sentence to be given pursuant to the first paragraph shall be increased by half.
Unlawfully disclosing or obtaining data
Article 136- (1) A person who unlawfully gives, disseminates or obtains personal data to another person shall be punished with imprisonment from two to four years. (2) If the subject of the crime is statements and images recorded in accordance with the fifth and sixth paragraphs of Article 236 of the Criminal Procedure Code, the sentence shall be increased by one fold.
Qualifying circumstances
Article 137- (1) If the crimes defined in the above articles are committed: a) by a public official and by abusing the authority given by his/her duty, b) by taking advantage of the ease provided by a particular profession or art, the penalty shall be increased by half.
Not deleting the data
Article 138- (1) Those who are obliged to delete the data from the system, even though the periods determined by law have passed, will be sentenced to imprisonment for one to two years if they fail to fulfill their duties.. (2) If the subject of the crime is data that must be removed or destroyed in accordance with the provisions of the Criminal Procedure Code, the penalty shall be increased by one fold.
Complaint
Article 139- (1) Except for the recording of personal data, the unlawful disclosure or acquisition of data and the failure to destroy data, the investigation and prosecution of the offences included in this section are subject to complaint.
Implementation of security measures against legal entities.
Article 140- (1) Security measures specific to legal entities are imposed on them due to the commission of the crimes defined in the above articles.
For our other articles we have prepared under the Personal Data Protection Law;
- Exemption from VERBİS Registration
- How is the annual number of employees calculated for KVKK (Personal Data Protection Law) registration purposes?
- How should the total financial balance be calculated in relation to the Personal Data Protection Law (KVKK) registration?
- What are the reasons for processing personal data listed in the Data Controllers Registry?
Address: Nergis Neighborhood, Girne Boulevard No: 83, Floor 2, Apartment 2, Karşıyaka, İzmir
E-mail: info@efeshukuk.com
Phone: +90 534 415 52 56
