AC
Anasayfa Makaleler IT Law

KVKK Data Transfer Abroad (KVKK article 9): SCC and Qualification

10 Nisan 2026 IT Law 1 dk okuma 93 görüntülenme

KVKK article 9 imposes strict conditions on the transfer of personal data abroad. Cloud services (Microsoft, Google, AWS) make this issue critical.

Transfer Conditions (KVKK Art. 9)

  • Explicit consent of the relevant person, or
  • The country to which the data will be transferred must have adequate protection, or
  • A written commitment by the data controllers and KVKK permit

Countries with Adequate Protection

KVKK Institution has not yet published the country list. Therefore, explicit consent or SCC + KVKK permission must be obtained for each transfer.

Standard Contractual Clauses (SCC)

In 2024, the KVKK Board published SCC patterns similar to the GDPR. Companies can make transfers by signing this agreement and notifying the Authority within 5 business days.

Binding Corporate Rules (BCR)

For data transfer within the multinational company group, binding company rules can be prepared and approval can be obtained from the KVKK Authority.

Sanction

  • Unauthorized transfer abroad: high administrative fine
  • Compensation against the relevant person. responsibility

Practical Recommendations

  • Make a transfer inventory for all cloud providers
  • Communication with providers for signing SCC
  • Data transfer clauses in contracts
  • Transfer notification to relevant persons

KVKK compliance consultancy is recommended.

Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

Hukuki destek arıyorsanız

Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

Görüşme Planla