It is all kinds of information regarding a natural person whose identity is determined or identifiable. In order to be able to talk about personal data, the data must be related to a real person and this person must be determined or identifiable.

The law stipulates that personal data may be transferred to third parties with the express consent of the person concerned. However, with Article 5 of the Law and provided that adequate measures are taken, it is also possible to transfer personal data within the country without seeking explicit consent, provided that the conditions in Article 6 are met.

Explicit consent is the consent that is based on being informed about a particular subject and is expressed with free will. In other words, it is a declaration of consent given by the data subject to the processing of his/her data freely, with sufficient knowledge about the subject, and only on the condition that it is limited to that transaction.

Deletion of personal data is the process of making the personal data in question inaccessible and unusable by the relevant users in any way. The data controller takes all necessary technical and administrative measures to ensure that the deleted personal data cannot be accessed and reused by the relevant users.

Data processors are natural or legal persons who process personal data on behalf of the data controller, based on the authority given by the data controller. These persons may also be a separate natural or legal person authorized by the data controller to process personal data.

VERBIS is a registration system where natural and legal persons processing personal data must register before starting personal data processing and enter information on a categorical basis regarding the personal data they are processing. The Data Controllers Registry is an information system introduced by the Personal Data Protection Law No. 6698 and the details of which are regulated by the Data Controllers Regulation.

- Real and legal person data controllers with an annual number of employees of more than 50 or annual financial balance sheet total of more than 25 million TL,
- Real and legal person data controllers whose main field of activity is processing special personal data, although the annual number of employees is less than 50 and the annual financial balance sheet total is less than 25 million TL,
- Data controllers of public institutions and organizations are obliged to register to VERBIS.

In accordance with the Regulation on Commercial Communication and Commercial Electronic Messages published in the Official Gazette; IYS Module is a national database system, where service providers can store and manage different types of message permissions such as call, message and e-mail, view and remove the permissions the recipients have given, report unauthorized submissions, and the public can view message complaints and the status of the permission subject to the complaint, that will serve over the Internet, SMS, and a call center to record all permissions with time stamp and store them securely.