Data & Privacy

Yes, you may receive compensation for damages caused by a data breach under South Korea’s Personal Information Protection Act (PIPA), including actual losses and statutory damages up to ₩3 million.

Yes, you can request deletion of your personal data under South Korea’s Personal Information Protection Act (PIPA), and the data controller must comply without undue delay.

In South Korea, you can block spam texts using your carrier’s free blocking service or report them to the Korea Communications Commission (KCC) — no court action is needed.

Yes, under South Korea’s Personal Information Protection Act (PIPA), you have the right to know the purpose for which your personal data is being processed.

In South Korea, withdrawing consent for personal data processing is legally binding, and companies must stop processing immediately upon withdrawal under the Personal Information Protection Act.

Under South Korean law, you have the right to request deletion of your personal information from websites, and operators must comply without undue delay.

In South Korea, collecting personal data without consent is generally illegal under the Personal Information Protection Act (PIPA), unless a specific exception applies.

Yes, consent from a parent or legal guardian is required to collect personal data from a child under 14 years old in South Korea.

Yes, explicit consent is required before collecting or using cookies in South Korea, except for strictly necessary cookies.

Yes, AI can learn from your personal data in South Korea—but only with your explicit consent and under strict conditions set by the Personal Information Protection Act.

In South Korea, a company generally cannot share your personal data with a third party without your prior, explicit consent — unless an exception under the Personal Information Protection Act applies.

A privacy policy in South Korea must include the purpose of personal data collection, categories of data collected, retention period, third-party sharing details, and the rights of data subjects.

A Privacy Impact Assessment (PIA) must be conducted before introducing or significantly modifying any information system that processes personal data in South Korea.

Yes, CCTV recording is legal in South Korea if it’s in public or semi-public areas and complies with the Personal Information Protection Act (PIPA) — including proper signage and purpose limitation.

MyData is a South Korean data governance framework that gives individuals legal rights to access, control, and share their personal data with trusted third parties.

No, collecting resident registration numbers (RRNs) is generally prohibited under South Korea's Personal Information Protection Act, except for strictly limited statutory exceptions.

Yes, but only under strict conditions: with employee consent, for legitimate business purposes, and in compliance with the Personal Information Protection Act and Labor Standards Act.

You can file a complaint with the Personal Information Protection Commission (PIPC) online, by mail, or in person. No fee is required, and complaints must be filed within 3 years of the violation.

Fines for violating South Korea’s Personal Information Protection Act (PIPA) range from ₩10 million to ₩100 million, depending on the violation type and severity.

Yes, you can request correction of incorrect credit information from the credit information company under South Korea’s Credit Information Act.

In South Korea, personal information controllers must notify the Personal Information Protection Commission (PIPC) and affected individuals without delay—within 72 hours of becoming aware of a data breach—if the breach poses a risk of harm.

A data processor in South Korea must implement technical and organizational security measures to protect personal data from leakage, loss, or damage, and must comply with instructions from the data controller.

Yes, consent is generally required before transferring personal data overseas from South Korea, unless an exception applies under the Personal Information Protection Act.

Pseudonymized data processing in South Korea means replacing personal identifiers with artificial identifiers so that data cannot be attributed to a specific individual without additional information, which must be kept separately and subject to technical/organizational safeguards.