SANCTIONS FOR VIOLATIONS OF LAWS ON THE PROTECTION OF PERSONAL DATA:
With regard to offenses involving personal data, the provisions of Articles 135 through 140 of the Turkish Penal Code No. 5237
apply. Those who act in violation of Article 7 of the Law; and those who fail to delete or anonymize personal data are punished in accordance with Article 138 of Law No. 5237.
Misdemeanors:
Pursuant to Article 18 of the law titled “Misdemeanors”;
a) Those who fail to fulfill the disclosure obligation stipulated in the article shall be subject to a fine ranging from 5,000 Turkish Liras to 100,000 Turkish Liras,
b) Those who fail to comply with the data security obligations set forth in Article 12 shall be subject to a fine ranging from 15,000 Turkish Liras to 1,000 Turkish Liras and up to 1,000,000 Turkish Liras,
c) For those who fail to comply with decisions taken by the Board pursuant to Article 15, fines ranging from 25,000 Turkish Liras to 1,000 Turkish Liras and up to 1,000,000 Turkish Liras,
ç) Administrative fines ranging from 20,000 Turkish Liras to 1,000 Turkish Liras shall be imposed on those who act in violation of the registration and notification obligations regarding the Data Subject Registry as provided for in Article 16.
The administrative fines provided for in this article shall apply to natural persons and private-law legal entities acting as data controllers.
(3) If the acts specified in the first paragraph are committed within public institutions or public professional organizations, the Board shall, upon notification, take disciplinary action against the relevant public institutions and organizations, as well as other public officials who have served in public professional organizations, in accordance with disciplinary provisions, and shall report the results to the Board.