Data Protection in South Korea

Registration in South Korea

Under the PIPA, there is no general rule regarding the registration of personal data controller, however, a public institution which manages a personal information file (i.e. collection of personal information) shall register the following with the PIPC. A “public institution” in this context refers to any government agency or institution.

  • name of the personal information file;
  • basis and purpose of operation of the personal information file;
  • items of personal information which are recorded in the personal information file;
  • the method to process personal information;
  • period to retain personal information file;
  • person who receives personal information generally or repeatedly; and
  • other matters prescribed by the Presidential Decree.

The Presidential Decree of PIPA stipulates that the followings also shall be registered with the PIPC:

  • the name of the institution which operates the personal information file;
  • the number of subjects of the personal information included in the personal information file;
  • the department of the institution in charge of personal information processing;
  • the department of the institution handling the data subjects’ request for inspection of personal information; and
  • the scope of personal information inspection of which can be restricted or rejected and the grounds therefore only “public institutions” are required to register with the PIPC.

Continue reading

  • no results

Previous topic
Back to top