The provisions of Articles 135 to 140 of the Turkish Penal Code dated 26/9/2004 and numbered 5237 are applied in terms of crimes related to personal data. Contrary to the provisions of Article 7 of this Law; Those who do not delete or anonymize personal data are punished according to Article 138 of Law Code 5237.

1- According to the Law on the Protection of Personal Data (Personal Data Protection Law);

• From 5 thousand to 100 thousand liras for those who do not fulfill their obligation to inform,
• From 15 thousand liras to 1 million liras for those who do not fulfill their obligations regarding data security,
• From 25 thousand liras to 1 million liras for those who do not fulfill the decisions made by the panel,
• An administrative fine of 20 thousand lira to 1 million lira is imposed on those who violate the obligation to register and notify with the Data Controllers Registry.

2- The prescribed administrative fines are applied to natural persons who are data controllers and legal entities of private law.

3- Action is taken against the civil servants and other public officials working in the relevant public institutions and organizations, in case the actions are committed within the body of public institutions and organizations and professional organizations in the nature of a public institution and those working in professional organizations with the nature of public institutions, in accordance with the disciplinary provisions, and the result is determined and reported to the panel.