( June 2, 2026, 02:32 GMT | Official Statement) -- MLex Summary: Public consultation began Tuesday on South Korea’s draft decree to strengthen prevention and early response to personal-data breaches, with comments due by July 13. According to the Personal Information Protection Commission, the rules follow Personal Information Protection Act amendments promulgated on March 10 and set to take effect Sept. 11. They would require major data controllers to obtain board approval and report to the regulator when appointing, changing or removing chief privacy officers, and would set criteria for mandatory ISMS-P certification. They would also require companies to notify individuals within 72 hours when they become aware of unauthorized system access or illegal trading or distribution of personal data, even before a confirmed breach. The proposal additionally expands breach notification and reporting to cover falsification, alteration and damage of personal data, while revising administrative-fine rules.Statement is attached (in Korean)....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.