Republic of Korea: Personal Information Protection Commission released integrated guide on personal data processing

On 11 July 2025, the Personal Information Protection Commission (PIPC) released the integrated guide on personal data processing. The guide consolidates and replaces previous guidance documents, including the “Plain-Language Consent Guide”, the “Outsourcing Guide”, the “Personal Data Protection Measures Guide”, and the “Automated Processing Protection Guidelines”. It systematises amendments introduced by the 2023 full revision of the Personal Information Protection Act (PIPA), incorporating precedents and decisions. The contents include clarification that personal data required to fulfil or perform service contracts does not require separate consent, while all such processing must be transparently notified. The guide reflects new provisions permitting processing without consent in urgent cases to protect life, body, or property, and in public safety emergencies, provided safety and destruction obligations are observed. It outlines conditions under which additional use or provision of personal data is allowed, distinguishes between ongoing and one-time cases, and defines obligations of data recipients under Article 19. It also addresses the destruction of unnecessary personal data in cases of contract termination, bankruptcy, or business closure, and presents implementation practices for managing subcontracted data processing, including through certification-based inspection regimes. The guide further provides updated interpretations on legal grounds under Articles 15 and 17, outlines modifications under Article 18 concerning use beyond purpose, and explains the repeal of the validity period regulation under Article 39-6.