Republic of Korea: Adopted PIPC Guide on Application of Personal Information Protection Act for Overseas Businesses

On 4 April 2024, the Personal Information Protection Commission (PIPC) adopted the Guide on the Application of Personal Information Protection Act for Overseas Businesses. The guide specifies that businesses are subject to the Act's obligations if they are providing goods or services to Korean data subjects, the processing of personal data affects Korean data subjects, or they are conducting operations in Korea where personal data is processed. The businesses falling within one of the 3 categories are required to comply with data collection consent requirements, cross-border data transfer obligations, disclosing processing policies and safeguarding data subject rights such as access, correction, deletion, and suspension. Furthermore, the guide specifies that oversees businesses are required to appoint a domestic representative if their total sales for the preceding year surpassed KRW 1 trillion, they stored or processed personal data of Korean data subjects averaging over 1 million people during the last three months, or the PIPC has mandated the appointment of a domestic representative.