AC
Anasayfa Makaleler

Is DPO Internal or External? KVKK and GDPR Comparison

TL;DR

KVKK'da resmi DPO yok; pratik gereklilik var. GDPR'da kamu + büyük ölçek + özel veri için zorunlu.

16 Şubat 2026 1 dk okuma 13 görüntülenme Son güncelleme: 10 Mayıs 2026

DPO selection 3 criteria: independence, qualified, no conflict of interest.

Insider DPO

  • High company knowledge.
  • Low cost.
  • Risk: conflict of interest.

External DPO

  • Complete independence.
  • Multi-sector experience.
  • Cost 5K-20K TL/month.

Hybrid

  • Internal coordinator + external DPO.
  • Common middle scale.

Frequently asked

Can a lawyer from within the company become a DPO?

Yes; but risk of conflict of legal counsel.

Is a DPO certificate required?

No in KVKK; but recommended for security.

Single DPO to multiple companies?

Yes; Group companies are common.

Relevant legislation

  • KVKK no. 6698 article 12 — Data security obligation; notice of violation (art.12/5).
  • KVKK no. 6698 article 14 — Right to compensation.
  • KVKK no. 6698 article 18 — Administrative fine (up to 5 million TL).
  • GDPR Art. 33-34 — 72-hour infringement notification on EU cross-border transfer.
  • TCK art.135-136 — Unlawful recording/dissemination of personal data.
Legal notice: This article is for general information purposes; A meeting with a lawyer is required for a concrete case.

Kaynaklar ve referanslar

Kaynaklar

DPO İçeriden mi Dışarıdan mı? KVKK ve GDPR Karşılaştırma içeriği hazırlanırken resmi mevzuat ve yüksek yargı kaynakları esas alınmıştır.

Telif bildirimi This content and all related Q&A texts are protected under Turkish Copyright Law No. 5846. Unauthorized copying, reproduction, publication, adaptation, bulk extraction, or commercial use is prohibited; legal and criminal remedies are reserved in case of infringement.

Hukuki destek arıyorsanız

Bu konuda profesyonel hukuki destek için Aycan Ceylan Avukatlık Bürosu olarak yanınızdayız.

Görüşme Planla