According to the announcement published by the Personal Data Protection Authority (KVKK) on January 3, 2025, the amounts of administrative fines for 2025 have been increased by 43.93% in line with the revaluation rate determined under the Tax Procedure Law No. 213.
Based on this increase, the updated ranges of administrative fines are as follows:
- For failure to fulfill the obligation to inform: from TRY 68,083.00 to TRY 1,362,021.00,
- For failure to fulfill data security obligations: from TRY 204,285.00 to TRY 13,620,402.00,
- For failure to comply with decisions of the Board: from TRY 340,476.00 to TRY 13,620,402.00,
- For failure to comply with the obligation to register with and notify the Data Controllers’ Registry (VERBIS): from TRY 272,380.00 to TRY 13,620,402.00,
- For failure to notify the Authority of standard contracts relating to the transfer of personal data abroad: from TRY 71,965.00 to TRY 1,439,300.00.
In addition, the Authority announced that a total of TRY 552,668,000 in administrative fines was imposed in 2024.
The penalties imposed in 2024 and the increased administrative fine amounts for 2025 make it essential for organizations to review their data security processes and strengthen compliance efforts in order to avoid potential data breaches and legal liabilities as of 2025.
You can access the table showing the updated administrative fine amounts for the years 2017–2025—calculated in line with the officially announced revaluation rates—via this link.