Uzun Keskin Attorney Partnership

Legal Newsletter 9 – 22 October 2025

The Ministry of Trade conducted secondary control audits of companies’ past declarations and registered customs declarations to identify transactions that

The Ministry of Trade conducted secondary control audits of companies’ past declarations and registered customs declarations to identify transactions that violated customs and foreign trade regulations. Within the scope of these audits, 51,649 declarations from 5,503 companies were examined in the first nine months of 2025, and additional assessments and fines totaling 8.8 billion Turkish lira were imposed.

The Ministry of Trade has detected toxic substances at levels exceeding regulatory limits in footwear, toys, and leather goods following inspections and laboratory analyses. In this context, restrictions on the import of these high-risk product groups into the country by mail and express delivery came into effect with Circular No. 2025/11 dated October 20, 2025.

The Ministry of Trade inspected nearly 427,000 companies and 26.9 million products as part of its market inspections conducted between January and September 2025. As a result of the inspections, administrative fines totaling 2.1 billion Turkish lira were imposed for unfair commercial practices, excessive pricing, hoarding, and product safety violations.

The Monetary Policy Board of the Central Bank of the Republic of Turkey lowered the one-week repo auction rate, which is the policy rate, from 40.5 percent to 39.5 percent. The Board also lowered the overnight lending rate from 43.5 percent to 42.5 percent and the overnight borrowing rate from 39 percent to 38 percent.

The Turkish Grand National Assembly Planning and Budget Committee began discussions on the Bill on Amendments to Tax Laws, Certain Laws, and Decree Law No. 631, which includes tax-related regulations. The bill contains regulations such as combating informality, strengthening tax justice, and removing certain exemptions.

The Turkish Grand National Assembly General Assembly completed its deliberations on the Bill on Amendments to the Foundations Law and Certain Other Laws, which contains regulations related to tourism and foundations. The bill covers changes in the authority to manage foundation real estate and regulations regarding identity reporting obligations.

The Competition Board decided to impose an administrative fine of 402 million Turkish lira on Adidas following an investigation into the company’s alleged violation of Article 4 of Law No. 4054 by setting resale prices for its authorized retailers.

The Competition Board has determined that Türkiye Şişe ve Cam Fabrikaları AŞ (ŞİŞECAM), its subsidiary Şişecam Çevre Sistemleri AŞ (ÇEVRE SİSTEMLERİ), and Karacalar Nak. Oto. Geri Dönüşüm San. ve Tic. Ltd. Şti. (KARACALAR) have violated Article 4 of Law No. 4054 by setting glass scrap prices, and sharing regions and/or customers with the aim of restricting competition, and exchanging competition-sensitive information, thereby violating Article 4 of Law No. 4054. As a result of the investigation, the Competition Authority decided to impose an administrative fine of 3 billion Turkish lira on ŞİŞECAM and ÇEVRE SİSTEMLERİ and 2 billion Turkish lira on KARACALAR.  

The Competition Board decided to impose administrative fines totaling 245 million Turkish lira on certain undertakings, most of which operate in the pharmaceutical sector, following an investigation into their alleged violation of Article 4 of Law No. 4054 by entering into non-solicitation agreements and/or sharing competitively sensitive information.

The Advertising Board monitored advertising content aimed at or affecting children and imposed administrative sanctions on advertisements found to be in violation of the legislation. In accordance with the provisions of Law No. 6502 on the Protection of Consumers and the relevant regulations, decisions were taken to suspend, correct, impose fines, and block access to advertisements that threatened the health and safety of children.

The Constitutional Court’s decision dated June 3, 2025, numbered E: 2024/157, K: 2025/121, was published in the Official Gazette dated October 23, 2025, numbered 33056. The decision repealed the provision of Article 3/15, which stipulated that in cases involving a principal employer-subcontractor relationship, a request for mediation regarding reinstatement to work must be directed to both parties.  

Presidential Circular No. 2025/17 on the National Circular Economy Strategy and Action Plan (2025-2028) entered into force upon its publication in the Official Gazette dated October 18, 2025, and numbered 33032. Circural aims to promote efficient use of natural resources, reduce waste, and spread practices in line with “Zero Waste” approach.

The Decision on Determining the General Investment and Financing Program of Public Economic Enterprises and Affiliated Companies for 2026 (Decision No. 10501) entered into force upon its publication in the Official Gazette dated October 18, 2025, and numbered 33032. The decision determines the investment targets and financing policies of public economic enterprises for 2026.

The Regulation on Type Approval of Heavy Duty Vehicles with Event Data Recorder Systems (AB/2024/2220) entered into force upon its publication in the Official Gazette dated October 18, 2025, and numbered 33032. The Regulation regulates the type approval requirements for event data recorder systems in heavy-duty vehicles in categories M2, M3, N2, and N3.

The explanations in the four (4) personal data breach notifications submitted to the Personal Data Protection Board are as follows:

  • In the data breach notification submitted to the Board by Mango T.R. Tekstil Tic. Ltd. Şti., acting as the data controller, it was summarized that the breach occurred between 06.10.2025 and 10.10.2025 and was detected on 10.10.2025; that the breach took place as a result of the leakage of an administrator credential used to access the API of the digital marketing email system platform utilized by the data controller, which led to unauthorized access to customer data; that the cyberattack was carried out against Mango’s headquarters in Spain and that the personal data of all customers globally, including Turkish citizens, were accessed without authorization; that the data affected by the breach included customers’ names (no breach regarding surnames), countries, postal codes, phone numbers, and email addresses; that a total of 4,349,620 data subjects were affected in relation to Mango Turkey; and that data subjects may obtain information about the breach via email, call center, and chatbot communication channels.
  • In the data breach notification submitted to the Board by İstanbul Golf İhtisas Sports Club, acting as the data controller, it was summarized that the breach was detected on 15.10.2025 upon the appearance of a message containing a ransom demand on the data controller’s computer; that encryption of the files on the computer was not successfully executed; that the group of affected data subjects consisted of subscribers/members; that the personal data affected included identity (Turkish ID number), contact (email, mobile or office phone), location (address), employment (marital status, criminal record), and professional experience information; and that the number of affected individuals has not yet been determined and the investigation is ongoing.
  • In the data breach notification submitted to the Board by Haydigiy E-Ticaret Tekstil Sanayi ve Ticaret Limited Şirketi, acting in its capacity as data controller, it was summarized that the breach, detected on 15.10.2025, had an unknown start date; that the breach was discovered following suspicious transaction reports submitted by certain customers, which led to an internal investigation revealing that unauthorized access had been obtained to an administrator account and that a code had been added to the website through this account; that the affected data subject groups were subscribers/members as well as customers and potential customers; that the affected personal data categories were contact, location, and financial information; that work was ongoing to determine the number of affected data subjects; and that data subjects could obtain information regarding the data breach through the website www.haydigiy.com, SMS messages titled “haydigiy,” and the email address info@haydigiy.com
  • In the data breach notification submitted to the Board by Cleverbridge GmbH (Tunisstraße 19-23, 50667 Cologne, Germany), acting in its capacity as data controller, it was summarized that the breach occurred on 10.09.2025 and was detected on 15.09.2025; that the breach took place due to unauthorized access to the data controller’s customer database; that the API was blocked by the information security team after noticing that it had been used in an unusual manner by an unknown IP address; that the personal data affected by the breach included name, company, email, payment method, last four digits of the card, card expiration date, pricing details of purchased products, and recurring billing details; that the affected data subject group consisted of customers and potential customers; and that the number of affected individuals was 1,235.

Related

View all

Legal Obligations of Cyber ​​Security Companies

With the Cyber ​​Security Law (“Law”), which entered into force on March 19, 2025, a comprehensive legal framework regulating cyber

Cyber ​​Security Law

The Cyber ​​Security Law (“Law”) was accepted by the TBMM General Assembly on 12.03.2025 and became law. The law includes

Amendments Made With The Omnibus Law

I. INTRODUCTION The law foreseeing changes within the scope of the 8th Judicial Package was published in today’s Official Gazette.