Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Turkey: KVKK fines gaming company TRY 1,100,000 for breach notification violations

The Personal Data Protection Authority ('KVKK') published, on 23 June 2020, its decision ('the Decision') of 16 April 2020, fining a gaming company a total of TRY 1,100,000 (approx. €142,980) for data breach notification violations. In particular, the Decision concerns a data breach suffered by the gaming company in which hackers were able to gain access to the company’s player data affecting 39,995 individuals in Turkey. Specifically, the Decision highlights that the company was fined 1,000,000 TRY (approx. €129,980) for violations of Article 12 of the Law on Protection of Personal Data No.6698 ('the Law') and not having taken the necessary technical and administrative measures to ensure the appropriate level of security. Furthermore, the Decision notes that the gaming company was fined an additional TRY 100,000 (approx. €13,000) for failures to report the breach within the 72-hour period required.

You can read the Decision, only available in Turkish, here.