Cybersecurity—Turkey—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—Turkey—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—Turkey—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in Turkey published as part of the Lexology Getting the Deal Through series by Law Business Research (published: February 2021).

Authors: Paksoy—Stéphanie Beghe Sönmez

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

Turkey does not have any dedicated cybersecurity laws. The data protection legislation, including the Personal Data Protection Law No. 6698 (PDPL), however, contains general requirements with regard to the security of personal data. Cybersecurity breaches can therefore lead to a breach of data protection law.

The Ministry of Transport, Maritime Affairs and Communication prepared a 2016–2019 national cybersecurity strategy and action plan, under which definitions, principles, cyberse­curity risks and strategic cybersecurity purposes and actions were pre­sented. This plan aimed to shape Turkey's cybersecurity legislation in accordance with international standards and establish a public authority that ensures coordination in the field of cybersecurity.

The 11th Development Plan of the Turkish Republic for the 2019–2023 period (the Strategy Plan for 2019–2023) states that to mitigate national security and ensure technological transformations in primary sectors (eg, chemical industry, medicine and medical equipment, electronics, automotive and rail system equipment), Turkey must enhance its ability to develop cybersecurity and data privacy technologies, fill the gap in the number of qualified persons, further develop its administrative structures and keep its legislation in pace

Popular documents