Gereksiniminizi KarşılayınRegisteredData Controller Representative in Türkiye
Foreign companies processing personal data of Turkish residents are required to appoint a local representative under KVKK. Kooch is a registered Turkish legal entity that receives authority correspondence, forwards data subject requests, and maintains your VERBIS record — so your team doesn't have to navigate Turkish procedure alone.
* Representative-only and partner-supported options available for foreign law firms, privacy consultancies, and international compliance teams.
Sorun: Türkiye'deneed this servicea representative in Türkiye:
Şirketiniz Türkiye'de bulunmuyorsa ancak Türkiye'de ikamet edenlerin kişisel verilerini topluyorsanız veya işliyorsanız, “yerleşik olmayan denetleyici” olarak sınıflandırılırsınız. Unlike GDPR Article 27, there is no de minimis threshold for foreign controllers. If you process Turkish residents' personal data — through a website, an app, a service, or any other channel — you fall within scope and must appoint a representative before registering in VERBIS, Türkiye's Data Controllers' Registry.
2026 penalty exposure: Failure to register in VERBIS or maintain a valid representative can result in administrative fines of up to TRY 17,092,242 per violation following the November 2025 revaluation. The Personal Data Protection Authority imposed TRY 503 million in fines on non-compliant controllers in a single 2024 enforcement wave.
Çözüm: Türkiye'de Uyumluluk İçin Resmi ve Güvenilir İrtibat Noktanız
Bizim between your organization, the Personal Data Protection Authority, and data subjects in Türkiye. We're the local Turkish-registered entity on record — you remain the data controller and retain all decisions about how personal data is processed.
Setup infour steps:
A complete appointment typically takes two to six weeks, depending on apostille and translation timelines in your jurisdiction.
Step 1 — Appointment Resolution
Your board or authorized signatory issues a resolution appointing Kooch as your KVKK representative. We provide a template that meets Personal Data Protection Authority expectations, reviewed by our partnered Turkish privacy counsel.
Step 2 — Apostille & Sworn Translation
The resolution is apostilled in your jurisdiction (Hague Convention countries) or consularized (non-Hague countries), then translated into Turkish by a sworn translator. We coordinate the process and handle pass-through costs.
Step 3 — VERBIS Registration
We register your organization as a "Data Controller Residing Abroad" in VERBIS, the Personal Data Protection Authority's official registry, listing Kooch as your representative.
Step 4 — Privacy Notice Clause
You update your privacy notice to name Kooch as your Türkiye representative, with our Istanbul address and contact channel for Turkish data subjects. We provide the exact clause text.
What we handle as your representative:
Authority correspondence
We receive and acknowledge correspondence from the Personal Data Protection Authority within 24 business hours and coordinate your response with you and your legal counsel.
Data subject requests (DSARs)
Requests from data subjects in Türkiye reach Kooch first. We forward them to you within 1 business day and track the statutory 30-day response window.
VERBIS maintenance
We keep your VERBIS record current — updating processing purposes, data categories, retention periods, and cross-border transfer mechanisms as your operations evolve.
Cross-border transfer notifications
When you sign a Standard Contract under the post-2024 KVKK cross-border framework, we coordinate the 5-business-day notification to the Authority via the Data Transfer Module.
Breach coordination
In the event of a personal data breach, we coordinate the 72-hour notification to the Authority alongside your incident response team and legal counsel.
Annual review
Once per year, we review your VERBIS entries, processing inventory, and representative arrangement to confirm everything is current.
Ne Alırsınız (Teslimatlar)do notdo:
Yasal Yükümlülüğünüzü yerine getirmek için ihtiyacınız olan her şey
Resmi Türkiye Temsilcisi:on whether KVKK applies to a specific processing activity
Resmi Temas Noktası: Standard Contracts, Binding Corporate Rules, or undertaking letters
VERBIS Kayıt Yönetimi:before Turkish administrative courts
Güvenli Yazışma İşleme:of lawful basis under KVKK Article 5 or 6
Health, genetic, biometric, or clinical-trial data processing advice (handled in partnership with specialist counsel)
Tax, employment, or commercial law matters
Nasıl Çalışıroptions:
One annual feeKolaylaştırılmış 3 Adımlı Randevu Sürecimiz
Türkiye'de bir DPR ataması yasal olarak kimler zorunludur?
Türkiye'de ikamet edenlerin kişisel verilerini işleyen tüm yerleşik olmayan veri sorumluları (Türkiye'de fiziksel varlığı olmayan şirketler) Türkiye merkezli bir temsilci atamak zorundadır.
Bir DPR atamazsak ne olur?
KVKK'yı ihlal edeceksiniz. Bu, para cezalarına neden olabilir ve VERBIS veri sicilindeki zorunlu kaydınızı yasal olarak tamamlamanızı engelleyebilir.
Ne tür sorgulamalarla ilgileneceksiniz?
Türkiye'deki bireylerden KVKK Kurumu'ndan ve Veri Sahibi Erişim Taleplerinden (DSAR) resmi yazışmaları alacak, takip edecek ve ileteceğiz.
Veri Koruma Temsilcisi (DPR) Veri Koruma Görevlisi (DPO) ile aynı mıdır?
Hayır. DPR, GDPR Madde 27'ye benzer şekilde, yabancı şirketler için zorunlu bir yerel iletişim noktasıdır. DPO, bir kuruluşun veri koruma stratejisini denetlemekten sorumlu daha geniş bir roldür ve bu her zaman zorunlu değildir.
.webp)
