Law No. 9887 on Protection of Personal Data

Document type
(1) This law aims at defining the rules for the protection and legal processing of the personal data. 
(2) According to Article 2, the legal processing of the personal data shall respect and guarantee the fundamental rights and freedoms of persons and in particular their right to privacy. 
(3) Obligations of the Processor (Article 20). The controllers may recruit processors to process personal data. The processor shall guarantee lawful and safe use of data. All personal data processors shall have the following obligations: 
  • to process data only according to the instructions of the controller; not to transmit data unless so instructed by the controller;
  • to take all required safety measures, in compliance with this law and to employ operators who are bound by confidentiality; 
  • to create in agreement with the controller the necessary technical and organizational requirements for the fulfilment of the controller’s obligations to ensure the protection of data subjects’ rights; 
  • to hand over to the controller after the completion of the processing service all the results of processing and documentation containing data or to keep or destroy them on controller’s request; 
  • to make available to the controller all information necessary to control the compliance with the obligations stemming from the abovementioned provisions. 
Topic, claim, or defense
Privacy or Data Protection
Document type
Issuing entity
Legislative Branch
Type of service provider
General or Non-Specified
Type of law