The Data Protection (Adequacy) (Republic of Korea) Regulations 2022
In accordance with section 17A(1) and (3) of the 2018 Act, the Secretary of State considers that the Republic of Korea ensures an adequate level of protection of personal data for certain transfers.
Citation, commencement and extent1.
(1)
These Regulations may be cited as the Data Protection (Adequacy) (Republic of Korea) Regulations 2022.
(2)
These Regulations come into force on 19th December 2022.
(3)
These Regulations extend to England and Wales, Scotland and Northern Ireland.
Adequate level of protection2.
(1)
(2)
Independent supervisory authorities3.
(a)
the Personal Information Protection Commission established by Article 7 of the Personal Information Protection Act as it forms part of the law of the Republic of Korea; and
(b)
These Regulations specify the Republic of Korea as a country which provides an adequate level of protection of personal data for the purposes of Part 2 of the Data Protection Act 2018 (“the 2018 Act”) and the UK GDPR (defined in section 3 of the 2018 Act). This means that personal data can be transferred to natural or legal persons in the Republic of Korea who are subject to Korean data protection legislation (specifically the Personal Information Protection Act) without the need for any specific authorisation. “Personal data” is defined in Article 4(1) of the UK GDPR and has the same meaning in Part 2 of the 2018 Act by virtue of section 5 of that Act.
A full impact assessment of the effect that this instrument will have on the costs of business, the voluntary sector and the public sector is published with the explanatory memorandum alongside this instrument on www.legislation.gov.uk. Hard copies can be obtained from the offices of the Department for Digital, Culture, Media and Sport, 100 Parliament Street, London SW1A 2BQ.