Meeting Data Security Compliance around the World

Home / Data security / Meeting Data Security Compliance around the World

Korea Data Security Compliance

Long exposure photograph of cars passing in front of an historical building with a modern building in the background at night.

National Legislation:

Scope of Legislation:

  • Applies to Korean companies and companies that are established abroad but process personal information in Korea.
  • Public institutions, corporate bodies, organizations or individuals who manage personal information directly or via another person.
  • Any personnel who is delegated with the responsibility to process personal information (responsible for compliance).

Security Method/Requirements:

  • Data controllers must take “technical, administrative, and physical measures necessary for security safety […] in order to prevent personal information from loss, theft leakage, alteration or damage”. These may include:
    • Appointing an internal privacy officer and establishing an official statement of security.
    • Implementing limitations to access and control, store access records, apply encryption technology, install, and renew security programs.

International Transfer of Data:

  • Requires consent from the information subject prior to any transfer of personal information to a third party.
  • Any transfer of personal information abroad must be preceded by not only consent but also certain technical, managerial, and physical protection measures.

Other Details:

  • The Ministry of Government Administration and Home Affairs (MOGAHA) has guidelines and details of required security measures.
  • The legislation states that security needs “necessary measures” and mentions the use of safeguards “including encryption”.
MyDiamo
MyDiamo
Comprehensive encryption security for open source databases. We provide transparent and column-level encryption, key management, and access control and auditing for MySQL, MariaDB, and PerconaDB.
Related Posts