Protection of the personal data is being regulated in accordance with the Personal Data Protection Law No. 6698 in Turkey. However, the employee-employer relationship requires additional importance in terms of the protection of the personal data of employees and customers.
Protection of the Personal Data of Employees in Accordance with the Turkish Labour Code
The regulations regarding the confidentiality of the employee’s personal data are included in Article 75 of the Labor Law, titled “Worker’s Personal File”. Pursuant to the relevant regulation, “The employer prepares a personnel file for each employee he employs. In this file, the employer is obliged to keep all kinds of documents and records that it has to arrange in accordance with this Law and other laws, as well as the identity information of the worker, and show them to the authorized officers and authorities when requested. The employer is obliged to use the information obtained about the employee in accordance with the rules of honesty and law, and not to disclose the information that the employee has a justified interest in keeping it confidential.
When the regulation in the Labor Law is examined, it is seen that the employer is responsible for the confidentiality of the information in the employee’s personnel file, which he is obliged to keep within the scope of the labor legislation, and gives the employer the authority to hide this information and show it only to the authorized persons and authorities. In this context, the Labor Law imposes an obligation on the employer to keep the information obtained about the employee in accordance with the law, observing the rules of honesty, and imposes a responsibility on the employer to keep the said information confidential.
In the Labor Law, if the employer does not regulate the employee’s personal file, the sanction to be applied against the employer is regulated in Article 104/I of the Labor Law, but the sanction to be applied in case the employer violates the principle of confidentiality of the employee’s personal data is not regulated.
On the other hand, it can be accepted that the employee has the right to terminate the employment contract with just cause pursuant to article 24/II of the Labor Law, on the grounds that he/she acts in violation of the confidentiality of the employer’s personal data.
What is the Scope of the Employee’s Personal Data Confidentiality Pursuant to the Occupational Health and Safety Law?
The Occupational Health and Safety Law No. 6331 also imposes an obligation on the employer to keep the employee’s health information within the scope of personal data confidential. Pursuant to the last paragraph of Article 15 of the Law titled Health Surveillance, the employer is obliged to keep the health information confidential in order to protect the private life and reputation of the employee who has undergone a medical examination.
The Occupational Health and Safety Services Regulation also obliges the employer to keep the record of occupational health and safety activities and the personal health files of the workers. Pursuant to Article 7 of the Occupational Health and Safety Services Regulation, “Without prejudice to the periods determined in the relevant legislation; It keeps all kinds of records related to occupational health and safety activities carried out in the workplace, personal health files of employees for at least 15 years from the date of leaving the job.
If the employee leaves the workplace and starts working in another workplace, the new employer requests the employee’s personal health file in writing, the previous employer approves a copy of the file and sends it within one month. The original copy of the approved book is kept by the employer, the other copies are kept by the occupational safety specialist and the workplace doctor. The employer is responsible for signing the book and keeping it organized. The employer has to show the approved book whenever the labor inspectors authorized to inspect demand it.”