The Communiqué on the Procedures and Principles Regarding the Personnel Certification Mechanism ("Communiqué") is published and entered into forced in the Official Gazette numbered 31681 and dated 06.12.2021 to determine the procedures and principles regarding the certification of Data Protection Officers by the Turkish Personal Data Protection Authority ("the Turkish DPA".)

The important regulations that draw attention in the Communique are as follows:

  1. In the certification program, the procedures and principles of which will be determined by the Turkish DPA, those who have obtained the certificate of participation and succeeded in the exam will be entitled to use the title of data protection officer.
  2. The data protection officer will be deemed to have sufficient knowledge in terms of the legislation on the personal data protection legislation within the scope of the program for which they are certified.
  3. The data protection officer may use this title only during the validity period of the certificates.
  4. Organizations accredited by the Turkish Accreditation Agency within the scope of (TS) EN ISO/IEC 17024 standard will be authorized to certify those who are successful in the relevant exams related to certification.
  5. The validity period of the certificate will be 4 years from the announcement of the exam results.
  6. Having a data protection officer within the organizations will not relieve the data controller and the data processor from their responsibilities regarding the Law and relevant legislation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.