A detailed legal guide to HR audits and employment compliance reviews in Turkey, covering employment contracts, personnel files, payroll, working time, social security, OHS, data protection, foreign workers, collective labor issues, and dismissal risk.
An HR audit is not just an internal housekeeping exercise. In Turkey, it is one of the most effective ways for a company to identify labor-law exposure before that exposure becomes an inspection, administrative fine, employee claim, mediation file, or reinstatement lawsuit. A proper review should test whether the employer’s actual practices match the legal framework created by Labour Act No. 4857, the Turkish Code of Obligations, Social Insurance and General Health Insurance rules, Occupational Health and Safety Law No. 6331, the Personal Data Protection Law No. 6698, Law No. 6356 on Trade Unions and Collective Labour Agreements, the remote-work regime, and the work-permit rules for foreign employees. In other words, an HR audit in Türkiye is not only about documents. It is about whether the company’s workforce model is legally sustainable.
The legal reason audits matter is straightforward. Labour Act No. 4857 applies broadly to workplaces, employers, employer representatives, and employees within its scope, and it ties employers to obligations relating to working conditions, working time, pay, records, inspections, and termination. Occupational health and safety law applies to almost all public and private workplaces and imposes prevention, training, risk-assessment, and health-surveillance duties. KVKK applies whenever personal data are processed by automated means or in a filing system. A company may therefore be fully operational and still be noncompliant in several overlapping legal areas at once.
A useful way to think about an employment compliance review is to divide it into seven core blocks: workforce structure and registration, contracts and handbook architecture, payroll and working-time compliance, personnel files and inspection readiness, social security and foreign-worker compliance, occupational health and safety controls, and employee-data governance. A mature audit then adds two more blocks: collective labor and union risk, and dismissal and dispute preparedness. Each block has its own legal source, but in practice they interact continuously. An overtime problem can become a payroll issue, a data-retention issue, an OHS fatigue issue, and a termination-defense problem at the same time.
1. Workforce structure and basic registration
A company cannot audit compliance properly if it does not first know who is actually working for it and on what basis. Labour Act Article 2 defines the basic concepts of worker, employer, employer representative, and workplace. Article 3 then requires employers establishing, taking over, materially changing, or closing a workplace within the Act’s scope to notify the competent authority within one month, and it also imposes a registration logic for subcontracting arrangements. This makes the first audit question foundational: who are the direct employees, who are the subcontractor workers, which entities are employing them, and which workplace registrations support that structure.
The same structural review should include foreign nationals. The Ministry of Labour states that foreigners within the scope of Law No. 6735 must obtain a work permit or a work permit exemption before starting to work in Türkiye, and that foreigners working without valid authorization are exposed to criminal and administrative consequences. The Ministry also explains that work permits are employer- and job-specific in ordinary cases, and that the foreigner must begin work by fulfilling social-security obligations within the relevant legal timeframe after permit issuance or entry into Türkiye. An HR audit that ignores foreign-worker authorization is missing a major compliance risk. (Çalışma ve Sosyal Güvenlik Bakanlığı)
2. Employment contracts and document architecture
One of the most important audit questions is whether employment documents match legal reality. Labour Act Article 8 defines the employment contract and states that contracts of one year or more must be in writing. Where no written contract exists, the employer must still provide a written document within two months showing the general and special conditions of work, daily or weekly working time, wage and supplements, duration if fixed-term, and termination conditions. For audit purposes, that means the absence of a signed long-form contract does not eliminate documentary obligations; it only shifts them into another form.
The audit should then test whether contract type is correctly chosen. A company using fixed-term contracts for roles that are actually ongoing may be building future reclassification and dismissal risk into its own paperwork. The same is true for probation clauses, confidentiality clauses, mobility clauses, bonus language, and references to handbooks or annexed regulations. In Turkish law, the paperwork should reflect the true employment model, not only the employer’s preference for flexibility. This is a legal and strategic point, not merely a clerical one.
Handbooks and HR manuals should be reviewed with similar care. Under Article 22 of the Labour Act, substantial changes in working conditions arising from the employment contract, annexed personnel regulations, similar sources, or workplace practice require written notice, and they do not bind the employee unless accepted in writing within six working days. This means internal manuals can have legal significance, but they are not a magic instrument for unilateral change. An audit should therefore ask which handbook rules were incorporated at hiring, which were changed later, and whether later material changes were rolled out with the Article 22 process where necessary.
3. Payroll, wage slips, and working-time compliance
Payroll review is one of the most important parts of an HR audit because many inspection risks and employee claims emerge there first. Article 32 of the Labour Act defines wages broadly as money paid in return for work and regulates the basic framework for payment. Article 37 requires the employer to provide a signed or specially marked wage slip showing the payment date, the relevant period, and additions to base wage such as overtime, weekly-rest, national-holiday, and general-holiday payments, together with deductions such as tax and social-security contributions. A company that pays correctly but documents poorly is still exposed.
Working-time compliance should be audited next. Article 41 states that overtime consists of work exceeding forty-five hours per week, subject to the statutory framework, and the 2026 administrative fine schedule published by the Ministry shows that employers may be fined per affected worker for failing to pay overtime correctly, failing to grant the corresponding free time within six months, or failing to obtain employee consent for overtime work. That means an audit should not only compare contracts to timesheets. It should also test overtime approvals, time-record reliability, equalization practices, and whether payroll classifications match the legal structure of overtime and extra hours.
Leave administration belongs in the same block. Annual leave, weekly rest, and holiday pay problems often surface through payroll and rosters rather than through contracts. An audit should verify whether leave records exist, whether balances are calculated lawfully, whether public-holiday work is paid correctly, and whether unpaid and paid leave categories are being confused. These issues become particularly important at exit stage, where unused-leave pay and notice-period calculations often trigger claims.
4. Personnel files and inspection readiness
A proper HR audit must include personnel-file compliance. Article 75 of the Labour Act requires the employer to maintain a personnel file for each worker, keep all documents and records required by the Labour Act and other laws, and show them to competent officers and authorities when requested. The same article also requires the employer to use information about the worker lawfully and in accordance with honesty and not disclose information the worker has a justified interest in keeping secret. This means the personnel file is both a compliance archive and a confidentiality-sensitive zone.
Inspection preparedness is a separate issue. Article 92 authorizes labor inspectors to review workplaces, appendices, work methods, related documents, equipment, and materials. Article 96 then prohibits employers from pressuring workers whose statements are sought by inspectors, from pushing them to hide or alter the truth, or from mistreating them because they gave information to the authorities. The Ministry’s 2026 fine schedule shows significant penalties for failing to cooperate with inspections and for interfering with worker statements, and it separately lists a fine for not maintaining the personnel file required by Article 75. For audit purposes, that means the company should test not only whether the files exist, but whether managers know how to behave during an inspection.
This part of the review should also cover evidentiary quality. A file full of unsigned warnings, incomplete defense letters, unclear salary amendments, or missing acknowledgments may satisfy no one in litigation. An HR audit should therefore ask whether the documents in the file are legally usable, not merely whether they are present. That distinction becomes decisive in dismissal disputes and labor inspections.
5. Social security compliance and SGK-facing duties
A company can appear labor-law compliant while remaining highly exposed on the social-security side. SGK’s official employer-obligations page states that, for employees insured under Article 4/1(a) of Law No. 5510, the insured employment-entry declaration must generally be filed through the e-insurance channel at least one day before work begins, subject to limited exceptions. The same page states that the insured exit declaration must be filed within ten days after the contract ends. These are not optional administrative details. They are part of baseline employer compliance. (Sosyal Güvenlik Kurumu)
For an HR audit, this means employee onboarding and offboarding should be tested against SGK timing. The company should verify whether hires were reported on time, whether internal start dates match SGK records, whether exits were coded and filed correctly, and whether payroll and social-security systems are aligned. The same audit should also review whether internal HR transfers, branch movements, or changes in employer entity were handled consistently with SGK registration rules. (Sosyal Güvenlik Kurumu)
The audit should also ask whether the company is using social-security incentives correctly and lawfully. SGK publishes current premium incentive, support, and discount materials, but misuse or assumption-based application can create later exposure. Even where a company benefits from incentives, it should be able to show that the underlying employment and reporting records are accurate. Incentive use without documentation discipline is not a compliance strategy. (Sosyal Güvenlik Kurumu)
6. Occupational health and safety as an HR audit block
OHS is often audited separately by technical teams, but that is a mistake. Article 4 of Law No. 6331 places the general responsibility on the employer to ensure worker health and safety in every aspect related to work, including prevention, information, training, organization, and adaptation of measures to changing conditions. Article 6 requires employers to appoint or procure occupational safety specialists, occupational physicians, and other health staff where required. Article 10 requires a risk assessment. Article 15 requires health surveillance. Article 17 requires adequate training. Article 18 requires consultation with and participation of workers. Article 22 requires an OHS committee in enterprises where at least fifty employees are employed and permanent work is carried out for more than six months.
Every one of those obligations has an HR dimension. Headcount drives whether an OHS committee threshold is reached. Hiring decisions affect whether people are placed into roles requiring medical fitness or vocational training. Onboarding controls whether safety training is given on recruitment. Transfer and promotion practices affect whether fresh health surveillance or retraining is needed. Return-to-work management matters for post-absence health review. If HR is not integrated into the OHS compliance structure, the company may have technically correct OHS policies on paper but weak personnel-level implementation.
The Ministry’s OHS fines framework reinforces the seriousness of this block. The Ministry’s 2026 OHS penalties page and the statutory fine provisions in Law No. 6331 show a structure where some violations are sanctioned per obligation, some per worker, and some per month until corrected. An HR audit should therefore assess not only whether OHS duties were technically assigned, but whether they are documented well enough to survive inspection and whether the company’s headcount and hazard classification assumptions are still correct. (Çalışma ve Sosyal Güvenlik Bakanlığı)
7. Data protection and employee-data governance
Any serious employment audit in Türkiye must include KVKK. Article 1 says the purpose of the Personal Data Protection Law is to protect fundamental rights and freedoms, especially privacy, with respect to the processing of personal data and to set out the obligations, principles, and procedures binding on data controllers. Article 2 states that the law applies to natural persons whose data are processed and to controllers processing such data by automated means or as part of a data filing system. This means that an HR department handling CVs, ID records, payroll data, medical files, disciplinary records, and monitoring logs is operating inside a data-protection regime whether it thinks of itself that way or not. (KVKK)
An audit should therefore ask at least six questions. What employee and candidate data are being processed. On what legal basis. With what notice. Who can access them. Whether any special category data are involved. And when the data are erased, destroyed, or anonymized. The by-law on erasure, destruction, and anonymization exists precisely because HR files are often kept far longer than the original purpose justifies. A compliant HR review should therefore examine retention and disposal, not only collection. (KVKK)
This block is especially important in recruitment and investigations. The Board’s published decisions have already criticized excessive recruitment-stage document requests and unlawful sharing of applicant data, including within group-company structures. An employment-compliance review should therefore test candidate screening, reference-check practices, and cross-border data flows as part of the audit, not as a side project. (KVKK)
8. Collective labor, union exposure, and representative protection
Companies often ignore union law until a visible organizing effort begins. That is usually too late. Law No. 6356 regulates union rights, collective bargaining, workplace representatives, anti-union discrimination, and bargaining authority. Article 25 protects freedom of association and prohibits making recruitment or continued employment conditional on joining or not joining a union; it also prohibits discrimination between union members and non-members regarding working conditions or termination, subject to collective-agreement wage-benefit rules, and it provides for at least one year’s wage in union compensation where the employer violates the rule. Article 41 governs collective-bargaining authority and uses a one-percent branch-of-activity threshold plus workplace or enterprise majority thresholds. (Çalışma ve Sosyal Güvenlik Bakanlığı)
For HR audits, this means two things. First, the company should know whether it is already union-exposed in terms of workforce composition, branch classification, and representative protection. Second, it should review whether its rules, promotion decisions, discipline, and termination practices could later be interpreted as anti-union. This is especially important because workplace union representatives receive enhanced protection under Article 24, including strong rules against dismissal and unilateral workplace or substantial work change without written consent. (Çalışma ve Sosyal Güvenlik Bakanlığı)
A further audit question is whether collective labor agreements apply directly or indirectly. Article 36 says individual employment contracts may not contradict a collective labor agreement and that less favorable individual terms are replaced by collective-agreement terms. A company using standard HR templates without checking collective-agreement coverage may therefore be building invalid or unenforceable clauses into its own documentation. (Çalışma ve Sosyal Güvenlik Bakanlığı)
9. Remote work and modern working models
Remote and hybrid work arrangements should also be audited. The Remote Work Regulation applies to remote workers and employers under Article 14 of Labour Act No. 4857 and regulates the procedures and principles of remote work, including data protection and business rules. That means a company that uses remote work informally, without proper written structuring, equipment records, communication rules, and data-protection clauses, may be compliant operationally but weak legally. (Çalışma ve Sosyal Güvenlik Bakanlığı)
This block should also be tested against working-time and expense handling. Remote work does not eliminate overtime rules, wage-slip requirements, personnel-file duties, or privacy obligations. The audit should therefore examine whether remote workers’ arrangements are reflected in contracts or addenda, whether monitoring and access rules were disclosed properly, and whether the employer’s actual digital-work practices match its written model. (Çalışma ve Sosyal Güvenlik Bakanlığı)
10. Termination readiness and dispute prevention
A strong HR audit should end with dismissal preparedness. Many employment disputes in Turkey arise not because the employer lacked a business reason, but because the file was not legally ready when termination occurred. Labour Act Article 22 governs substantial change procedures. Article 19 governs written and precise termination notices and, in conduct or performance cases, the employee’s defense right. Article 20 and the Labour Courts Act route many disputes first into mandatory mediation. If the company’s records, warnings, defense letters, salary slips, leave balances, and personnel files are weak, a later dismissal can become hard to defend even where the business rationale is real.
This is also where an audit becomes strategically valuable. If the company reviews dismissal architecture before conflict, it can correct weak clauses, missing acknowledgments, inconsistent warnings, unclear policy incorporation, and overtime or leave anomalies before those issues appear in mediation or court. In practical terms, the best HR audit is often the one that prevents a future reinstatement case rather than the one that merely inventories yesterday’s documents. (Adalet Bakanlığı)
11. Why administrative fines matter in audit design
Administrative fines give employment audits real urgency. The Ministry’s 2026 schedule for Labour Act fines shows separate sanctions for failures such as not maintaining personnel files, failing to comply with working-time regulations, not paying overtime properly, not obtaining overtime consent, interfering with inspections, and pressuring workers who give statements to inspectors. The Ministry also separately publishes 2026 fine schedules for Law No. 6356 and for Law No. 6331. This means a company may face enforcement not only after an employee claim, but also after a labor or OHS inspection, and the penalties may accumulate per worker, per obligation, or per month depending on the statute.
For audit planning, this means the employer should prioritize issues that are both common and sanctionable: personnel files, wage slips, overtime approvals, OHS training and health surveillance, risk assessments, representative structures, foreign-work authorization, and data-governance gaps. An audit should not try to correct everything at once with equal urgency. It should rank risks by statutory exposure, likelihood of inspection, and litigation impact.
Conclusion
In Turkey, HR audits and employment compliance reviews for companies are best understood as preventive legal work. They are not limited to checking whether contracts are signed. A serious review tests workplace registration, employee onboarding and offboarding, contract architecture, handbook incorporation, payroll and overtime, annual leave, personnel files, inspection readiness, SGK timing, foreign-work authorization, OHS governance, data-protection controls, union and collective-labor exposure, remote-work structuring, and dismissal preparedness. Each of those areas is tied to a specific statutory framework, and weakness in any one of them can become a fine, claim, or lawsuit later.
The strongest companies treat the HR audit as a management system review rather than a file-counting exercise. They ask whether the company’s real employment model matches the law, whether managers are acting consistently with written rules, whether documents are usable in an inspection or mediation setting, and whether the business is accumulating avoidable liabilities through routine habits. When an audit is done that way, it becomes far more than a compliance checklist. It becomes a legal early-warning system for the entire employment relationship. (Adalet Bakanlığı)
Yanıt yok