Plazas and business centers are one of the data controllers that may face administrative fines of up to 1 million TL in case of non-compliance with the Personal Data Protection Law.

For example, let’s assume we go to a plaza as a customer or visitor. The security guard asks for our ID and processes our personal information in a notebook or computer at the entrance of the plaza. Your identity can stay there for hours. it becomes clear how wrong the application is, considering that all our data like ID number, birthdate is appearently disclosed. The data owner is breached in case of any data leak or theft. This includes data such as fingerprints and biometric photos.

So, Personal Data Protection Law stipulates this application as a serious crime. Businesses such as plazas and business centers that do not comply with Personal Data Protection Law are committing this crime. The law covers not only private companies but also public institutions. However, Turkey is not aware of this law yet.

According to Personal Data Protection Law, explicit consent must be obtained in order to collect personal data. Administrative fines up to 1 million TL await businesses such as plazas or business centers if the data owner grumbles. Such violations add-on criminal and civil liability.