Registration of domain names for Turkish registrants has become a lot harder since 01-01-2018.
In short, if you process data of registrants in Turkey there is a bunch of regulations to keep in mind.
It does not matter if your registrar business is located outside of Turkey.
ICANN really should ditch all these requirements to send data to registries, which would be a step in the right direction when it comes to the data minimization principles, which is covered in many data protection laws.
From the article.
The Regulation stipulates that a data controller, who is located outside of Turkey, must appoint and authorize a representative in Turkey (“Representative”) and register with the Registry via such Representative.
More information about the requirements can be read here.
Although Turkish Data Protection Law, which was published in the Official Gazette on 7 April 2016 (“Law”), has not clearly determined the territorial scope of the Law, the Regulation implicitly determined the territorial scope of the Law to cover data controllers based outside of Turkey. Hence, currently, persons, who are carrying out data protection activities that involve Turkey; but who are based outside of Turkey, are still obliged to comply with the Law, appoint a Representative and register with the Registry via such Representative.
For now I consider ICANN and Registries as the joint data controller when it comes to compliance with the regulations mentioned in the article.