How I came to the data field: I have a corporate and M&A background and decided to focus on the data field before the Turkish Data Protection Law came into effect in 2016. For many years, the data field was very limited in Turkey and we would receive few questionnaires from international clients and provide simple answers. This changed when the Data Protection Law entered into effect.
A highlight of my career was when the GDPR entered into force in May 2016 and started to apply as of May 2018. This was a great opportunity to take a deep dive in this area with an international approach, so I started to attend international training.
This helped me to see that even in Europe where data protection has a long-established heritage and practice, privacy professionals were working together to correctly interpret and apply this new regulation. With this in mind, with a few of my colleagues we invited 10 law firms/lawyers to discuss the Turkish law and lead good practices in this field. This initiative was embraced by other privacy professionals and academics, and led to discussions held monthly on-site in association with the Information Systems Research Center of Bogazici University, one of Turkey’s most prestigious engineering and business schools. Legal professionals, academics, cyber security professionals, data protection officers and experts are invited to platform meetings on a monthly basis, which are now being held online due to the covid-19 pandemic.
Following the success of platform meeting, the Data Protection Association (VKD) was established in 2018. I was elected as the first chairperson of VKD and I am honoured to continue this position for my second term. The primary purpose of VKD is to promote best practices in the area of data protection by due implementation of data protection laws in Turkey, to support legislative and supervisory efforts for the recognition of Turkey as an adequate country, to encourage international and bilateral treaties for international data transfers, to support academic research on data protection rights, to carry out activities to increase the cooperation and relationship with Turkish data protection authority with other supervisory authorities and international institutions, amongst others.
The biggest challenge in data law is the ever-evolving nature of the subject globally. Covid brought more challenges and expedited the process of the new normal. Turkey follows the European approach; this means that as Turkish professionals we must follow the EU legislation and be up to date in order to lead best practices. This also means we need to balance a human rights-centred data protection approach with the needs of businesses in a highly competitive digital age. Although lawyers have been traditionally known to be laggards when it comes to adopting novelties, in my opinion this is not the case when it comes to the data field. In this area lawyers are (and must be) part of the innovators. On the other had it gives the utmost professional satisfaction being a part of this challenge on a global level.
The privacy community is amazing. It is in my view an unorthodox community. Women professionals have, and are still having, leading positions. As a women this makes a difference. My background is M&A and I can see the difference between the two communities when I attend the privacy events, conferences and webinars. My advice to my organisation was to create such a community in Turkey and to be a part of the international privacy community. We are doing this by organising webinars as a law firm jointly with another law firm, creating interdisciplinary forums and supporting the community in any way possible.
The privacy community has amazing women in leading positions and this is so much in the DNA of this practice area. When it comes to data protection issues, understanding or sensing vulnerabilities of data subjects is essential. I believe that the ability to see through these vulnerabilities plays an essential role, especially when you discuss issues like impact assessments and privacy by design.
In terms of how the field has changed, it may be hard for me to compare previous decades, but I see that women professionals in this area have been the ones who created this area of practice and they play a very important role in their organisations to build the future of the data field.
I am following developments and discussions on AI, ethics in the digital age, algorithms and their interaction with competition, consumers and privacy laws, trends in cybersecurity and international data transfers. I also follow closely blockchain and privacy solutions. I believe that we are at the edge of a new digital era. An interdisciplinary approach is necessary to understand the data protection and privacy needs and further create innovative approaches for new challenges.
A piece of advice I would give aspiring data lawyers and professionals: This is a global practice area and it is necessary to follow up on developments in different regions of the world on a daily basis. It is a unique field where you can be among the innovators and not the laggards.