DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇹🇷 Middle East & North Africa

Cookie consent in Türkiye

Consent and privacy law in Türkiye

In short
Turkey's data protection law, KVKK Law No. 6698, dates from 2016 and is modelled on the earlier EU Data Protection Directive, enforced by the authority of the same name. A distinctive feature has been a strict approach to cross border transfers, which historically required either explicit consent or the rare use of an authority-approved undertaking, making transfers difficult. A 2024 amendment relaxed transfer rules by introducing standard contractual clauses and adequacy-style mechanisms, and adjusted the rules on sensitive data. Explicit consent must be specific and informed. Data controllers often must register with VERBIS, the controllers registry. Notices in Turkish are expected, and cookies that identify users are personal data.
Authority
Kişisel Verileri Koruma Kurumu (KVKK)
Status

Law No. 6698 on the Protection of Personal Data since 2016, amended in 2024

Primary law
KVKK
Languages

tr

Who must comply

Data controllers that process personal data of individuals in Turkey, including controllers based abroad whose processing affects people in Turkey.

Penalties

Administrative fines updated annually, with criminal penalties for some offences

Key obligations

  • Obtain explicit consent unless another legal condition applies
  • Provide a clear disclosure notice before processing
  • Apply stricter conditions for special categories of data
  • Honor access, correction, deletion and objection rights
  • Register with the data controllers registry where required

Local guidance

  • Register with VERBIS where required
  • Use the new transfer mechanisms from the 2024 amendment
  • Obtain specific and informed explicit consent
  • Provide notices in Turkish

How ConsentX helps

  • Explicit, specific opt-in consent capture
  • Disclosure notice in the banner
  • Stricter flows for special-category data
  • Rights request workflow with evidence
  • Region rule engine tuned for Turkey
Get started free
yoursite.com
🇹🇷 Turkey

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Turkey using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Turkey.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Turkey requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Turkey audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

What is VERBIS in Turkey?+

VERBIS is the Turkish data controllers registry. Many controllers are required to register with VERBIS as part of their obligations under the KVKK.

Did Turkey ease cross border transfer rules?+

Yes. A 2024 amendment relaxed the previously strict transfer regime by introducing standard contractual clauses and adequacy-style mechanisms, making lawful transfers more practical.

Governing law

🇹🇷 KVKK

Other countries in Middle East & North Africa

🇦🇪 الإمارات العربية المتحدة🇸🇦 المملكة العربية السعودية🇶🇦 قطر🇧🇭 البحرين🇮🇱 ישראל🇪🇬 مصر