The Communiqué on the Procedures and Principles Regarding the Personnel Certification Mechanism (“Communiqué”) prepared by the Personal Data Protection Board (“Board”) was published in Official Gazette numbered 31681 on dated 6 December 2021, as effective of even date.

The procedures and principles regarding the certification of Data Protection Officer Program (“Program”) have been determined with the Communiqué in accordance with the standard numbered (TS) EN ISO/IEC 17024.


  • In the Program where the procedures and principles will be determined by the Board, those who have obtained the certificate of participation and who are successful in the exam will be entitled to use “data protection officer” title.
  • Organizations accredited by the Turkish Accreditation Agency (TS) within the scope of EN ISO/IEC 17024 standard will be authorized to certify those who are successful in the relevant certification exams.
  • The data protection officer will be deemed to have sufficient knowledge in terms of personal data protection legislation within the scope of the Program for which they are certified.
  • The data protection officer will only be able to use this title during the validity period of their certificates. The validity period of the issued certificates is 4 years from the announcement of the exam results.
  • Employing a data protection officer within the data controller and/or data processor will not remove the responsibility of the data controller and the data processor to comply with Personal Data Protection Law numbered 6698 and relevant legislation.

You can access the full text of the Communiqué published in Official Gazette dated 6 December 2021 and numbered 31681 from this link. (Only available in Turkish).