No. 30892
Promulgation Date 2020-08-04
Ministry of the Interior and Safety
ALL
CHAPTER I GENERAL PROVISIONS
Article 1 (Purpose)
Article 2 (Scope of Public Institutions)
Article 3 (Scope of Visual Data Processing Devices)
CHAPTER II PERSONAL INFORMATION PROTECTION COMMISSION
Article 4 Deleted.
Article 4-2 (Prohibition on For-profit Activities)
Article 5 (Expert Committees)
Article 5-2 (Personal Information Protection Policy Council)
Article 5-3 (City/Provincial Inter-Agency Personal Information Protection Council)
Article 6 (Disclosure of Proceedings)
Article 7 (Dispatch of Public Officials)
Article 8 Deleted.
Article 9 (Allowances for Attendance)
Article 9-2 (Procedures for Advising Improvement of Policies, Systems, Statutes, and Regulations)
Article 9-3 (Procedures for Assessment of Data Breach Incident Factors)
Article 10 Deleted.
CHAPTER III PROCEDURES TO ESTABLISH MASTER PLANS AND IMPLEMENTATION PLANS
Article 11 (Procedures to Establish Master Plans)
Article 12 (Procedures to Establish Implementation Plans)
Article 13 (Scope of Materials Requested and Methods of Request)
Article 14 (Promotion and Support of Self-Regulation)
CHAPTER IV PROCESSING OF PERSONAL INFORMATION
Article 14-2 (Standards on Additional Use and Provision of Personal Information)
Article 15 (Control of Out-of-Purpose Use of Personal Information or Provision Thereof to Third Parties)
Article 15-2 (Matters subject to Notification, such as Sources of Personal Information Collected, and Methods of and Procedures for Notification)
Article 16 (Methods of Destroying Personal Information)
Article 17 (Methods of Obtaining Consent)
Article 18 (Scope of Sensitive Information)
Article 19 (Scope of Personally Identifiable Information)
Article 20 Deleted.
Article 21 (Measures to Ensure Safety of Personally Identifiable Information)
Article 21-2 (Persons Who Must Encrypt Resident Registration Numbers)
Article 22 (Exception to Limitation to Installation and Operation of Visual Data Processing Devices)
Article 23 (Gathering Opinions on Installation of Visual Data Processing Devices)
Article 24 (Posting of Notice on Signboard)
Article 25 (Policy on Operation and Management of Visual Data Processing Devices)
Article 26 (Outsourcing of Installation and Operation of Visual Data Processing Devices by Public Institutions)
Article 27 (Guidelines for Installing and Operating Visual Data Processing Devices)
Article 28 (Measures to be Taken when Outsourcing Personal Information Processing)
Article 29 (Notification of Transfer of Personal Information Following Business Transfer)
CHAPTER IV-II SPECIAL PROVISIONS ON PROCESSING OF PSEUDONYMIZED INFORMATION
Article 29-2 (Designation and Cancellation of Designation of Expert Data Combination Agency)
Article 29-3 (Combination of Pseudonymized Information Processed by Different Personal Information Controllers)
Article 29-4 (Management, and Supervision of Expert Data Combination Agency)
Article 29-5 (Measures to Ensure Safety of Pseudonymized Information)
Article 29-6 (Standards on Imposition of Penalty Surcharges with Respect to Processing of Pseudonymized Information)
CHAPTER V SAFEGUARD OF PERSONAL INFORMATION
Article 30 (Measures to Ensure Safety of Personal Information)
Article 31 (Details of Privacy Policy and Methods for Disclosure Thereof)
Article 32 (Function of Privacy Officer and Requirements for Designation)
Article 33 (Registered Items of Personal Information Files)
Article 34 (Registration, and Disclosure of Personal Information Files)
Article 34-2 (Criteria, Method, and Procedure for Certification of Personal Information Protection)
Article 34-3 (Fees for Certification of Personal Information Protection)
Article 34-4 (Revocation of Certification)
Article 34-5 (Follow-up Management of Certification)
Article 34-6 (Institutions Specializing in Certifying Personal Information Protection)
Article 34-7 (Certification Mark and Promotion)
Article 34-8 (Qualifications for Certification Examiners for Personal Information Protection and Grounds for Disqualification)
Article 35 (Object of Privacy Impact Assessment)
Article 36 (Consideration at the time of Privacy Impact Assessment)
Article 37 (Designation of PIA Institutions and Revocation of Designation)
Article 38 (Criteria for Privacy Impact Assessment)
Article 39 (Scope of Data Breach Notification and Where to Report)
Article 40 (Method and Procedure for Data Breach Notification)
Article 40-2 (Criteria for Imposition of Penalty Surcharges)
CHAPTER VI GUARANTEE OF RIGHTS OF DATA SUBJECTS
Article 41 (Procedures for Access to Personal Information)
Article 42 (Limitation to, and Postponement and Denial of, Access to Personal Information)
Article 43 (Correction, and Erasure of Personal Information)
Article 44 (Suspension of Processing Personal Information)
Article 45 (Scope of Representative)
Article 46 (Confirmation of Data Subjects or Representatives)
Article 47 (Amounts of Fees)
Article 48 (Establishing Access Request Support System)
CHAPTER VI-II SPECIAL PROVISIONS ON PROCESSING OF PERSONAL INFORMATION BY INFORMATION AND COMMUNICATIONS SERVICE PROVIDERS
Article 48-2 (Special Provisions on Measures to Ensure Safety of Personal Information)
Article 48-3 (Method of Confirming Legal Representative’s Consent)
Article 48-4 (Special Provisions on Notification and Report of Data Breach,)
Article 48-5 (Special Provisions on Destruction of Personal Information)
Article 48-6 (Notification of Details of Personal Information Usage)
Article 48-7 (Scope, and Standards of the Parties Required to Purchase an Insurance for Performance of Damage Compensation Responsibilities)
Article 48-8 (Institution Receiving Request for Deletion and Blocking of Exposed Personal Information)
Article 48-9 (Scope of Persons Required to Designate Local Representative)
Article 48-10 (Safeguards in the Event of Overseas Transfer of Personal Information)
Article 48-11 (Special Provisions on the Calculation Standards of Penalty Surcharges)
Article 48-12 (Imposition and Payment of Penalty Surcharges)
Article 48-13 (Interest Rate of Surcharge Refund)
CHAPTER VIII PERSONAL INFORMATION DISPUTE MEDIATION
Article 48-14 (Ex Officio Members)
Article 49 (Composition and Operation of Mediation Panels)
Article 50 (Secretariat)
Article 51 (Operation of Dispute Mediation Committee)
Article 52 (Incidents Eligible for Collective Dispute Mediation)
Article 53 (Commencement of Collective Dispute Mediation Proceedings)
Article 54 (Applications for Participation in Collective Dispute Mediation Proceedings)
Article 55 (Collective Dispute Mediation Proceedings)
Article 56 (Allowances and Travel Expenses)
Article 57 (Dispute Mediation Rule)
CHAPTER IX SUPPLEMENTARY PROVISIONS AND PENALTY PROVISIONS
Article 58 (Recommendation for Improvements and Disciplinary Action)
Article 59 (Reporting on Infringements)
Article 60 (Requests for Materials and Inspections)
Article 61 (Disclosure of Results)
Article 62 (Entrustment of Authority)
Article 62-2 (Processing of Sensitive Information and Personally Identifiable Information)
Article 62-3 (Review of Regulation)
Article 63 (Criteria for Imposition of Administrative Fines)
ADDENDA
ADDENDA <Presidential Decree No. 24425, Mar. 23, 2013>
ADDENDUM <Presidential Decree No. 25531, Aug. 6, 2014>
ADDENDA <Presidential Decree No. 25751, Nov. 19, 2014>
ADDENDA <Presidential Decree No. 25840, Dec. 9, 2014>
ADDENDA <Presidential Decree No. 26140, Mar. 11, 2015>
ADDENDA <Presidential Decree No. 26728, Dec. 22, 2015>
ADDENDUM <Presidential Decree No. 26776, Dec. 30, 2015>
ADDENDA <Presidential Decree No. 27370, Jul. 22, 2016>
ADDENDUM <Presidential Decree No. 27522, Sep. 29, 2016>
ADDENDA <Presidential Decree No. 28074, May 29, 2017>
ADDENDA <Presidential Decree No. 28150, Jun. 27, 2017>
ADDENDA <Presidential Decree No. 28211, Jul. 26, 2017>
ADDENDA <Presidential Decree No. 28355, Oct. 17, 2017>
ADDENDUM <Presidential Decree No. 29421, Dec. 24, 2018>
ADDENDUM <Presidential Decree No. 30509, Mar. 3, 2020>
ADDENDUM <Presidential Decree No. 30833, Jul. 14, 2020>
ADDENDA < No. 30892, Aug. 4, 2020. >