GDPR is a regulation on the processing of personal data of European Union (EU) citizens and was created to regulate the free movement of personal data across borders and it was adopted by the EU Commission on May 2016 and entered into force on 25 May 2018.

If organizations operating in Turkey have personal data of EU citizens, they must take into account the GDPR regulation regarding the processing, transfer and protection of this data.

There are many differences between GDPR and KVKK. The most obvious of these differences are the employment of DPO (Data Protection Officer) and the privacy impact assessment. Apart from this, the regulation stands out with its concepts such as data belonging to minors and the right to be forgotten, unlike the KVKK.

All organizations that process personal data of EU citizens as data controllers or data processors must take protection measures in accordance with GDPR.