Enforcement Decree Includes Ban on Concurrent Positions for Personal Information Protection Commission Members
GDPR Consulting for SMEs Also Promoted
[Asia Economy Reporter Jin-kyu Lee] The Korea Internet & Security Agency (KISA) is preparing new guidelines for personal information processing as a follow-up measure after the passage of the Data 3 Act (amendments to the Personal Information Protection Act, the Act on Promotion of Information and Communications Network Utilization and Information Protection, and the Credit Information Act).
According to KISA on the 29th, KISA is considering revising and consolidating guidelines on personal information processing by taking into account the characteristics of information in various industrial sectors such as healthcare and welfare, finance, employment, and education. Oh Yong-seok, head of KISA's Personal Information Policy Division, explained, "We are reviewing plans to revise and consolidate the existing 42 guidelines currently in use."
KISA also plans to explain newly introduced concepts and contents from the amendments to the Personal Information Protection Act through a legal commentary, using specific examples and cases.
KISA and related government ministries are preparing follow-up measures such as enforcement decrees, notifications, guidelines, and legal commentaries to specify the Data 3 Act. The enforcement decree for the Data 3 Act is expected to be announced for legislative notice next week. The enforcement decree includes provisions such as ▲prohibition of concurrent positions for members of the Personal Information Protection Commission ▲transfer of jurisdiction from the Ministry of the Interior and Safety and the Korea Communications Commission to the Personal Information Protection Commission ▲standards for pseudonymized information combination, export, and safety measures.
Meanwhile, KISA has also launched a support project for domestic small and medium-sized enterprises to comply with the European Union's General Data Protection Regulation (GDPR). GDPR refers to the personal data protection law uniformly applied across 27 EU countries. KISA plans to provide GDPR information and promote consulting for regulatory compliance targeting domestic companies that have already entered or plan to enter the EU market.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
