In today’s world, where data is one of the most important assets, the protection of personal data has become a critical concern. Having run over 40 projects in personal data protection, NAZALI is one of the leading institutions in this field with our group of professional lawyers who have a momentary command of the personal data protection legislation in Turkey, which has developed in line with the European Union regulations.


As personal data protection is interdisciplinary field, we perform legal compliance process for our clients in this field and respond to our clients’ daily needs with our systematic project execution style and knowledge in technology law with our ability to include different units such as tax, social security, and engineering as and when needed. With our international network and offices overseas with whom we have close contact, we ensure that our clients receive the most comprehensive service abroad, by mediating in the localization of documents of international clients or by offering legal support for our clients in Turkey regarding their overseas operations.


Our services;

  • Compliance projects
  • Creation of data inventory
  • Legal risk analysis
  • Application
    • Application consultancy
    • Review of policy, procedure, and compliance documents
    • Cookie policies
    • Approval of suggestions received on the website and application interfaces
    • Creation of explicit consent text, contract annexes and document analysis
  • Standard document support service
  • Data protection and data security trainings
  • Internal follow-up and audits
  • Processes for communication with the institution, VERBIS registration and data subject requests
  • Processes for data transfer
  • Data protection in regulated sectors; banking, telecommunications, energy, and health
  • Employee controls and data protection measures for employees
  • Investigations and e-discovery specific to data protection
  • Data protection in mergers and acquisitions and business transfers
  • Internal monitoring; establishing procedures for entry-exit, camera surveillance, vehicle tracking, internet and e-mail monitoring and other tracking processes
  • Data protection investigations and reviews
  • Litigation and disputes in data protection
  • Protection of personal data in internal audit and investigation processes


Corporate Governance Due Diligence

Corporate Governance Principles, published by the Capital Markets Board (SPK) in Turkey and the OECD (Organization for Economic Cooperation and Development) in the international platform, with very similar requirements, are a set of principles to be followed by companies who want to be successful today and in the future. Even though the issues related to Corporate Governance are addressed in the new Turkish Commercial Code, on a legal basis, only publicly traded companies in our country are responsible for complying with these principles. However, it is important for all small and medium-sized companies that aim to grow, want to establish themselves, plan to go public, seek new investment alternatives, and attract the attention of investors, to know where they stand in these principles and to determine the first steps to be taken in order to progress.


Determining the position of the companies in terms of Corporate Governance service covers evaluation of the following issues by meeting with the company management and ends with the presentation of project results to the Board of Directors.

Information and Documents to be examined;

  • Organizational structure of the company
  • Company’s management policies and procedures
  • Information about the company’s shareholding structure, Board of Directors, and subcommittees
  • Latest financial statements
  • Management duties and responsibilities
  • Duties and responsibilities of the Board of Directors and its members
  • Meeting minutes of the Board of Directors and relevant committees (if any) of the last year
  • Human Resources policies and procedures
  • Policies and procedures related to risk management
  • Policies and procedures regarding compliance with local and international laws and regulations
  • Reports prepared by public authorities, investigations carried out, examinations carried out in the last two years
  • Budgeting policies and procedures
  • Reporting policies and procedures
  • Internal audit policies and procedures
  • Latest internal audit plan
  • Internal audit reports prepared within the last year
  • Independent audit reports received in the last two years


  1. About Shareholders:

These issues can be reduced depending on the size of the company, the purpose of the project and whether it plans to go public.


Key Issues to be examined:

  • Equal treatment
  • Protection of rights
  • Up-to-date, transparent, and public information on necessary issues
  • Debriefing and inspection / special inspection
  • Participation in the General Assembly
  • Transactions of shareholders that may create a conflict of interest
  • Important transactions
  • exercise of the right to vote
  • Exercise of minority rights
  • Dividend rights
  • Ease of transferring shares

2- About Public Disclosure and Transparency:

  • Disclosure policy
  • Timely update
  • Website
  • Activity report

3- About stakeholders:

  • Company policy
  • Supporting contribution to company management
  • Human resources policy
  • Relations with customers and suppliers
  • Ethical rules
  • Social responsibility

4- About the Board of Directors:

  • Function
  • Operating principles
  • Structure
  • Meeting forms
  • Subcommittees
  • Financial rights provided to members of the Board of Directors and senior management


Within the scope of the right to obtain information and inspection, shareholders have the right to request a special audit if there are suspicions of misconduct regarding the company.