Announcement by Personal Data Protection Authority on Standard Contracts

The Personal Data Protection Authority (“Authority”) published an announcement (“Announcement”) on its website on 05.02.2025 regarding the issues to be addressed with regard to the standard contracts to be the basis for the transfer of personal data abroad. 

The important points under the Announcement are as follows: 

• Standard contracts shall be signed by authorized representatives, otherwise they will be deemed invalid. 
• Signatures must comply with the Turkish Code of Obligations.
• In foreign language contracts, the Turkish text shall also be signed.
• Documents showing signature authorisation shall be submitted to the Authority. 
• Party information shall be complete and consistent and address, contact and signatory information shall be clearly indicated. 
• Standard contracts shall be notified to the Authority within five business days from their signature.
• Notifications shall be made physically, via registered e-mail (REM) or the relevant module.
• Signature dates shall be specified in the contracts.
• Foreign documents shall be submitted to the Authority with apostille or consular attestation and notarised Turkish translations.

It is specifically indicated in the Announcement that the signatures on the standard contracts shall comply with the Turkish Code of Obligations. Accordingly, the signatures to be affixed on the contracts must be wet signatures or electronic signatures obtained from electronic certificate service providers authorised by the Information and Communication Technologies Authority (“ICTA”) in accordance with the Electronic Signature Law No. 5070. Therefore, it will not be possible to sign standard contracts with electronic signature tools such as Docusign which are not authorised by the ICTA. 

You may access the Announcement in Turkish here.