OneTrust DataGuidance is pleased to announce the release of the GDPR v. LPPD Report, which compares data protection requirements and recommendations under the GDPR and the Law on Protection of Personal Data No. 6698 (‘the LPPD’).
The Report has been produced in collaboration with Esin Attorney Partnership and assesses the duties and obligations established by the LPPD as well as relevant Regulations and Communiques issued by the KVKK where applicable. The report examines the scope of application, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities contained in the LPPD and compares these with the requirements laid out under the GDPR. While there are notable differences between the laws regarding topics such as record keeping, data processing registration, and data protection officer appointments, there are also many parallels in requirements for data breach notifications as well as in fundamental definitions and their scope of application.
- Both the GDPR and LPPD have a potential extraterritorial applicability
- Similar concepts or ‘processing’, ‘personal data,’ and ‘sensitive data’
- There are comparable obligations for data controllers and processors, and specifically in regard to breach notifications
- Both legal frameworks establish mechanisms for cross-border data transfers, although LPPD emphasises explicit consent
While the GDPR details obligations for data processing records, the LPPD requires enrolment in the Data Controller’s Registry System (‘VERBIS’)
Download the report HERE.