As a result of the evaluation made within the scope of notices submitted to the Turkish Data Protection Authority regarding personal data security breaches in the areas where the service offered to citizens such as the counters, box offices and desks, the Board unanimously decides that:

• Institutions, especially those in the banking and health sector, that provide services by more than one employee in an open-plan office (where employees sit shoulder to shoulder at communal desks) like posting and cargo service providers, tourism agents, customer services departments of the chain stores, institutions that carry out subscription processes, and public and private sector institutions that provides services such as municipalities, tax and civil registration services shall take necessary organizational and technical measures pursuant to Article 12 of the Personal Data Protection Law numbered 6698 in order to prevent unauthorized persons to enter counter, box office and desk areas and to restrain persons, who gets services in close areas, from hearing, seeing, learning or acquiring each other’s personal data,
• This Resolution issued in accordance with Article 15 (6) of the Law shall be published in the Official Gazette and announced on the website of the Authority and pursuant to the Article 18 of the Law, the legal action shall be taken against for those who do not comply with this Resolution.