Fake Hotel Website Fraudsters Arrested


A swindling crime ring made $90,000 by collecting money through fake hotel websites, it has been revealed after a police operation in which 11 suspects were detained in the touristic southwestern Muğla province. “Tourism establishments have been under threat from cyber-gangs in recent years. We have reported the situation to the provincial police directorate in Muğla. The operation took nearly one year,” said Tunç Batum, vice president of the South Aegean Touristic Hoteliers and Operators Association. “At the end of the operation 11 people were brought to court. Two of them were arrested. Another gang member is sought in the Netherlands,” he added. The websites of more than 10 hotels in Muğla were duplicated by the gang members, who received online payments of almost 500,000 Turkish Liras ($90,000) from holidaymakers, according to Batum. The hotel of which Batum is the general manager, Hilton Dalaman Sarıgerme, was involved in the case. “Most of the defrauded people will be able to get their money back because the gang’s accounts were frozen,” said Batum. “The fake websites appear on top of the search pages due to advertisements. We have notified the search engine administrators many times, but it is not possible to say that they have taken the necessary measures,” he said. Informatics expert and lawyer Mehmet Ali Köksal has warned holidaymakers to check the exact domain names of the hotels carefully before making payments. “This method [of defraud] is called phishing,” he said, adding that customers should not hesitate to phone the hotels in case of suspicion.   Kaynak: Hürriyet – Burak Coşan

Read more

Obligation for Registration to Data Controllers Registry: Compulsory Registration Dates and Exceptions


As per Article 16 of the Law on the Protection of Personal Data No. 6698 (“KVKK”), the natural and legal persons that process personal data are obliged to register to the Data Controllers Registry (“VERBIS”) before commencing data processing.   According to Article 16/2 of the KVKK, the objective criteria to be determined by the Personal Data Protection Authority (“Authority”) such as the nature of the personal data pertaining to the obligation for registration to VERBIS, the number of the data processing originating from the law or the transfer of data to third parties, may be taken into consideration as an exception.   The obligation to register before VERBIS and the criteria for the exceptions to be taken to this obligation are regulated in detail by the Authority which was published in the Official Gazette on December 30th, 2017.   In accordance with the decision of Authority No. 2018/32 published in the Official Gazette dated 15.05.2018, the exceptions to the registration obligation of VERBIS are as follows:   Those who process personal data only in non-automated ways, as part of any data recording system Notaries operating in accordance with the Notary Law No. 1512 The associations which established in accordance with the Law on Associations No. 5253, the foundations which established in accordance with the Law on Foundations No. 5737 and the Law No. 6356 on Trade Unions and Collective Labor Agreements which process personal data for members and donors, are limited only to their respective employees and members Political parties which established in accordance with the Law no. 2820 on Political Parties Lawyers which in business under the Law No. 1136 on Attorneys’ Act Independent accountant and financial advisor and certified councillorship which in business under the Law No. 3568 on Certified Public Accountancy and Sworn in Certified Public Accountancy   According to the decision of the Authority published in the Official Gazette dated 18.08.2018, the scope of exceptions was extended as follows:   Customs Brokers and Authorized Customs Brokers operating under the Customs Law No. 4458 Mediators Legal entity or real person controllers that have less than 50 employees and a sum of annual balance sheet amounting less than TRY 25 million and do not engage in the processing of sensitive data as their core business activity.   Starting Dates of Registration Obligation   As per the 2018/88 decision no. 2018/88 issued by the Authority, the deadline for the  date on the obligation to registrationer to VERBIS is determined as follows.   Data Controller Start of Registration Obligation Duration for Completion of Records Deadline for Registration Data controllers having more than 50 employees or annual balance sheet total of more than 25 million TL 01.10.2018 12 Months 30.09.2019 Data controllers residing abroad 01.10.2018 12 Months 30.09.2019 Data controllers having less than 50 employees and annual balance sheet total of less than 25 million TL but their main field of operation is processing of sensitive (special categories of) data. 01.10.2018 15 Months 30.09.2019 Data controllers that are governmental institutions and organizations 01.04.2019 15 Months 30.06.2020

Read more