On 27 December 2019, the Turkish Data Protection Authority announced on its website that the deadline for registration with the Data Controller Registry through the VERBIS online system had been extended to 30 June 2020 for (i) data controllers with more than 50 employees or assets in excess of TRY 25 million, and (ii) data controllers established outside Turkey.

As to data controllers who process special categories of personal data as their main activity (even if they have fewer than 50 employees and their annual balance sheet value is under TRY 25 million), the deadline for registration has been extended to 30 September 2020. The deadline for public institution data controllers has been extended to 31 December 2020.

In its decision to extend the deadline for registration, the Turkish Data Protection Authority once more underscored the data controllers’ legal obligation to prepare a personal data processing inventory containing details of their data processing activities, to complete the VERBIS registration process on the basis of such inventory, and to notify the Turkish Data Protection Authority through VERBIS of any change in their data processing activities within seven days of such change.

The Turkish Data Protection Authority had previously extended the deadline for registration with VERBIS to 31 December 2019, and is thus unlikely to grant any further extension. It is strongly advisable for data controllers who have not yet prepared a data inventory or completed the registration process to comply with these requirements as soon as possible, well ahead of the new registration deadline.