Türkiye's Data Protection Law (KVKK) — similar in spirit to the EU GDPR — protects personal data from unlawful use. Every citizen has clear rights against data controllers.
Your rights
Access: what data is stored? Rectification: correct errors. Erasure: remove data without legal basis. Portability: receive data in machine-readable form. Object: stop processing.
How to exercise
Written request to the controller. Reply due within 30 days. If unanswered or insufficient, complain to the Data Protection Authority (KVKK Kurumu).
Complaint
Easy online filing. The Authority investigates and can fine up to 1,000,000 TL. It can also order processing to stop.
Damages
In addition to a complaint, civil damages (material and moral) can be sought. An Authority decision strengthens proof.
Common violations
Public data leaks, marketing SMS without consent, sale of data to third parties, retention beyond need.
Who is bound
Anyone processing personal data: companies, schools, hospitals, banks, websites. Even associations and individuals systematically collecting data.