Republic of Korea: Articles 2 and 6-2 of Personal Information Protection Commission amendment to Standards for Measures to Ensure the Safety of Personal Information enter into force

On 31 October 2025, Articles 2 and 6-2 of the Personal Information Protection Commission amendment to Standards for Measures to Ensure the Safety of Personal Information enter into force. Article 2 covers the definitions of terms central to the order. Article 6-2 requires personal data processors with an average of 1'000'000 or more daily users to disconnect certain high-risk employee computers from the Internet. Employee computers considered high-risk are those of employees who have the authority to set system access rights for others and/or the authority to download or destroy personal information files from the system. An organisation can avoid this internet block if a formal risk analysis shows the risk is very low or that other strong protective measures are in place.