Info Hub
Law2 min read

North Cyprus Data Protection Law: what every business must do

Every business that holds customer and employee data processes personal data. The Turkish Republic of Northern Cyprus has its own law in this area and an active supervisory body. This article summarises the core obligations for businesses.

The law and the Board

The Data Protection Law (89/2007) came into force on 7 April 2007. It is specific to North Cyprus and separate from Turkey's Law 6698 and from the European Union regulation. The supervisory body, the Personal Data Protection Board, has been operating since March 2019 and has its own legal personality.

The 2024 development: fee and licence regulation

The Fee and Licence Regulation, based on Article 37 of the law, was published in the Official Gazette on 22 August 2024 with Council of Ministers approval. The regulation introduces fees and licensing tied to data processing. Registration and notification duties are therefore a current issue for businesses.

Core obligations for businesses

The Board has also published a separate regulation on how to give a privacy notice. Confirm the specific obligations and possible penalties against the current law and regulation texts.

Practical tip

Frequently asked questions

Does North Cyprus have its own data protection law?

Yes. Data Protection Law 89/2007 is in force and is supervised by an active Board.

Does Turkey's data protection law apply in North Cyprus?

No. North Cyprus applies its own law (89/2007); Turkey's Law 6698 does not apply here.

What changed in 2024?

A fee and licence regulation based on Article 37 of the law was published on 22 August 2024, introducing fees and licensing duties tied to data processing.

Sources

This article is for general information; obligations and penalties can change with legislation. Contact us for a compliance assessment tailored to your business.