What is GDPR (General Data Protection Regulation)?

Turkish: GDPR

GDPR regulates personal data processing for people in the EU and EEA, defining transparency duties, individual rights, and controller obligations.

What is GDPR?

GDPR (General Data Protection Regulation) is the European data protection framework for how personal data of people in the European Union and European Economic Area is processed. It can affect not only EU-based organizations, but also organizations outside the EU that offer services to people in the EU or monitor their behavior.

Core Principles

GDPR expects personal data to be processed lawfully, transparently, and for limited purposes. Data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability are central principles. Processing needs a lawful basis, such as consent, contract, legal obligation, vital interests, public task, or legitimate interests.

Individuals have rights such as access, rectification, erasure, restriction of processing, data portability, and objection. Controller and processor roles, contracts, and security measures need to be clearly defined.

What It Means for Businesses

GDPR compliance is not just a cookie banner. CRM records, email marketing, analytics, customer support logs, backups, third-party tools, and international data transfers all need to be assessed together.

For companies operating from Turkey or serving Turkish users, GDPR may need to be considered alongside KVKK. This page is a technical overview, not legal advice.