IKV held a seminar in cooperation with Muhtaranlar Attorney Partnership, entitled "What Does General Data Protection Regulation (GDPR) Bring for the EU and Turkey?” on 6 June 2018. IKV Research Director Çisel İleri moderated the meeting in which Assoc. Prof. Marian Alexander Arning from Turkish German University, Managing Partner of Muhtaranlar Attorney Partnership Gökhan Muhtaranlar and Head of Law Department of the Personal Data Protection Authority (KVKK) Demet Arslaner Keklikkıran were the main speakers.

The first speaker of the meeting, Assoc. Prof. Marian Alexander Arning started his presentation with a detailed summary of the new GDPR and indicated that the negative perception on the new GDPR in the mainstream media is unfounded. Arning further explained that on 25 May 2018, GDPR replaced with the Directive 95/46/EC after a two-year transition period and explained how the old directive created an extra burden and cost to each member country because of a lack of wider European regulation. Arning stated that one of the most significant impacts created by the direct implementation of the GDPR on a European scale is curbing the costs and incompatibilities due to the significant differences between the local regulations of the Member States. Assoc. Prof. Arning identified two important novelties brought by the GDPR as its extended scope and increased sanctions and gave in-depth information on two basic principles of the GDPR to distinguish the applicability; the establishment principle and the market principle. Describing how the target customer and behavioral monitoring are subject to regulation under the market principle, Arning shared some case studies and pointed to the importance of "consent" in data collection and use. Finally, describing what the new regulation on International Data Transfer in the global world brings, Assoc. Prof. Arning tried to reduce the uncertainties that Turkish multinational companies face today.

Attorney Gökhan Muhtaranlar, in his presentation, drew attention to the differences between the GDPR and the Personal Data Protection Law with the law number 6698 (KVKK) that has been already in place for the Turkish market. Mr. Muhtaranlar highlighted the significance of adaptation of the Turkish Personal Data Protection Law to GDPR for mainly two reasons. First, it is directly related to one of the 72 criteria in front of the country’s visa liberalisation process and secondly, this digital cohesion helps Turkey to be identified as a secure country by the European Commission, which is crucially determinant for the country’s ability to attract foreign investors. Furthermore, Mr. Muhtaranlar explained in detail the additional principles of the GDPR differing from the Personal Data Protection Law with respect to principles as transparency, objective compatibility, data integrity and data privacy in the light of concrete examples. Speaking of innovations in data processing and protection, Mr. Muhtaranlar concluded his presentation by a brief comparison of the sanctions imposed by GDPR and KVKK.

Lastly, Head of Law Department of the Personal Data Protection Authority Demet Arslaner Keklikkıran put KVKK in the center of her presentation and further explained how the GDPR differ from the KVKK. Mrs. Keklikkıran started her speech by describing the development process of the personal data protection regulation in Turkey from a historic point of view and declared that as an institution they are following the adaptation process closely and working hand in hand with the European law makers. She noted that the area of application of ??the regulation is very wide, referring to the fact that the GDPR apply to people outside the EU if they are working with the data of people in the EU or if they offer goods or services to the Europeans. Keklikkıran explained the new posts of responsibility for the data regulation and stated their scope of responsibility and sanctions in case of non-compliance. After making a comparison of the basic principles, the speaker explained how the concept of "explicit consent" was handled in the GDPR as opposed to KVKK and stated that individuals obtain new rights in the digital age such as the right to be forgotten, the right to limit the transactions and the right of data portability.

In the Q&A session following the speeches, the speakers tried clearing the uncertainties in the minds of the participants from various sectors such as IT, tourism, textile and education. In recent years, data security has attracted an increasing attention starting with Edward Snowden and Julian Assange cases to the last Cambridge Analytica scandal and that the GDPR aims to reduce the associated concerns. While the panel was a good step to shed some light on what is going on to change in data protection with the introduction of the new regulation, all speakers were in line with the idea that the air will be clearer when the application and the corresponding legal cases start to come into light.