TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Simge Yüce and Yiğit Aktimur, YAZICIOGLU Legal
October 2024, the DPA introduced an online “SCCs Notification Module”, now available for notifications. The notifications should include: • the final version of the SCCs, with relevant sections filled out and signed by authorised individuals of the parties; • documents proving the authority of those signing the SCCs; • notarised translations of foreign-language documents. The Guidelines on Transfers Abroad also con - firmed that official documents from foreign authorities can be included in the notification, with the required authentication of signatures, titles, or seals. Consular or diplomatic officials usually do this verification. However, under the Convention Abolishing the Requirement of Legalisation for Foreign Official Documents, documents from signatory countries are exempt from this process, and an apostille is sufficient. Occasional Transfers If data transfers abroad cannot occur with an adequacy decision, and if one of the appropriate safeguards cannot be ensured, the data transfer abroad is possible if the transfer is occasional and one of the following criteria is met: • the data subject has explicitly consented to the transfer after having been informed of the possible risks of such transfer; • the transfer is necessary for the performance of a contract between the data subject and controller or the implementation of pre-con - tractual measures taken at the data subject’s request; • the transfer is necessary for the conclusion or performance of a contract concluded
between the controller and another natural or legal person in the interest of the data sub - ject; • the transfer is necessary for an overriding public interest; • the transfer is necessary for the establish - ment, exercise, or defence of a right; • the transfer is necessary for the protection of the life or physical integrity of a person who is unable to give consent due to actual impos - sibility or whose consent is not legally valid; and • the transfer is made from a register open to the public or to persons with a legitimate interest, provided that the conditions required to access the registry in the relevant legisla - tion are met and the person with legitimate interest requests it. The By-Law on Data Transfers Abroad defines occasional transfers as “ transfers that are not regular, occurring only once or a few times, are not continuous and are not in the ordinary course of business. ” The Guidelines on Trans - fers Abroad also interpret occasional transfers very narrowly, stating that these transfers should occur under unforeseen conditions and provide examples of occasional transfers, largely based on EDPB guidelines. When relying on explicit consent for an occasion - al transfer, the data subject must be informed of the specific risks, including the fact that the destination country may not provide adequate protection or implement sufficient security measures. This may involve the absence of a supervisory authority or guarantees for data pro - cessing principles and individual rights. Onward Transfers It should be noted that the requirements regard - ing personal data transfer abroad also extend to
490 CHAMBERS.COM
Powered by FlippingBook