TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal
The Turkish National Police Department of Cybercrime Prevention Established in 2011, this department provides support in investigating crimes committed using information technology. It gathers forensic data to fight cybercrime effectively and efficiently. The Ministry of National Defence, the Presidency of Defence Industries, and the Turkish Armed Forces Cyber Defence Command These entities ensure cybersecurity from the perspective of military and national defence. The Ministry of Interior Disaster and Emergency Management Presidency The Ministry of Interior Disaster and Emergency Management Presidency is responsible for crisis co-ordination and management to protect criti - cal infrastructures in the event of a disaster. Others Apart from the above, sector-specific adminis - trative institutions such as the Banking Regula - tion and Supervision of Agency (the BRSA), the Capital Markets Board (the CMB), the Turkish Republic Central Bank (the TRCB), the Energy Market Regulatory Authority (the EMRA), the General Directorate of Civil Aviation (the GDCA), and the Nuclear Regulatory Authority are entitled to regulate cybersecurity-related issues in their respective sectors. 2. Critical Infrastructure Cybersecurity 2.1 Scope of Critical Infrastructure Cybersecurity Regulation General There is no framework legislation on critical infrastructure cybersecurity like the EU’s NIS2
co-ordination with the TR-CERT and institutional CERTs operating in the sectors concerned. Institutional CERTs Institutional CERTs are established within public and private organisations. All organisations operating in the critical infra - structure sectors must establish an institutional CERT thereunder and ICTA has the authority to order a public or private organisation to establish and maintain a CERT, even if that organisation does not operate in critical infrastructure sec - tors. Institutional CERTs also act in co-ordination with the TR-CERT and sectoral CERTs operating in the relevant sector, as applicable. The Personal Data Protection Authority (the DPA) The primary supervisory and regulatory authority for data protection matters is the DPA. It is an independent administrative institution that has administrative and financial autonomy. The DPA is authorised to regulate data protec - tion activities and to take measures to protect the rights of data subjects. The DPA is compe - tent to receive data breach notices according to the DP Law. The National Intelligence Agency The National Intelligence Agency is entitled to collect, record, and analyse information, docu - ments, news, and data by using any technical intelligence and human intelligence method, tool and system regarding foreign intelligence, national defence, counterterrorism, international crimes and cybersecurity, and to deliver the pro - duced intelligence to the necessary institutions.
302 CHAMBERS.COM
Powered by FlippingBook