Author: İdil Uz
Introduction
The Regulation on Protection and Processing of Personal Data by the Social Security Institution (the “Regulation”), the purpose of which is to determine the procedures and principles for processing data obtained within the scope of the duties and authority of the Social Security Institution (“SSI”), entered into force through its publication in the Official Gazette dated 19.02.2022 and numbered 31755.
In addition to the SSI, the Regulation also covers the personnel of the SSI, natural persons whose personal data is processed, natural and legal persons who provide services such as information technology systems software and hardware for the processing and filing of personal data, public institutions and organizations that process personal data within the scope of the activities of the SSI, institutions and private law real and legal persons, real or legal persons who process personal data on behalf of the SSI, public institutions and organizations to which data transfer is made, and private law real and legal persons. Due to the comprehensive nature of the regulation, it is important to examine the Regulation in detail and to determine the rights, responsibilities, and obligations of the actors within its scope.
This article aims to sketch the framework of the Regulation and to examine its requirements.