BAILII is celebrating 24 years of free online access to the law! Would you consider making a contribution?
No donation is too small. If every visitor before 31 December gives just £1, it will have a significant impact on BAILII's ability to continue providing free access to the law.
Thank you very much for your support!
[Home] [Databases] [World Law] [Multidatabase Search] [Help] [Feedback] | ||
United Kingdom Statutory Instruments |
||
You are here: BAILII >> Databases >> United Kingdom Statutory Instruments >> The Data Protection (Adequacy) (Republic of Korea) Regulations 2022 No. 1213 URL: http://www.bailii.org/uk/legis/num_reg/2022/uksi_20221213_en_1.html |
[New search] [Help]
This is the original version (as it was originally made)This is the original version (as originally ). This item of legislation is currently only available in its original format.
Statutory Instruments
DATA PROTECTION
Made
21st November 2022
Laid before Parliament
23rd November 2022
Coming into force
19th December 2022
The Secretary of State makes these Regulations in exercise of the powers conferred by section 17A(1), (3), (5) and (6) of the Data Protection Act 2018 (“ the 2018 Act”)( 1).
In accordance with section 17A(1) and (3) of the 2018 Act, the Secretary of State considers that the Republic of Korea ensures an adequate level of protection of personal data for certain transfers.
In accordance with section 182(2) of the 2018 Act, the Secretary of State has consulted the Commissioner( 2) and such other persons as the Secretary of State considers appropriate.
1.—(1) These Regulations may be cited as the Data Protection (Adequacy) (Republic of Korea) Regulations 2022.
(2) These Regulations come into force on 19th December 2022.
(3) These Regulations extend to England and Wales, Scotland and Northern Ireland.
2.—(1) For the purposes of Part 2 of the Data Protection Act 2018( 3) and the UK GDPR( 4), the Secretary of State specifies the Republic of Korea as ensuring an adequate level of protection of personal data( 5) for a transfer described in subsection (2).
(2) A transfer described by this subsection is a transfer of personal data to a person in the Republic of Korea who is subject to the Personal Information Protection Act as that Act forms part of the law of the Republic of Korea and has effect from time to time( 6).
3. The independent supervisory authorities( 7) in the Republic of Korea are—
(a) the Personal Information Protection Commission established by Article 7 of the Personal Information Protection Act as it forms part of the law of the Republic of Korea; and
(b) the Financial Services Commission established by Article 3 of the Act on the Establishment of Financial Services Commission as it forms part of the law of the Republic of Korea( 8).
Michelle Donelan
Secretary of State
Department for Digital, Culture, Media and Sport
21st November 2022
(This note is not part of the Regulations)
These Regulations specify the Republic of Korea as a country which provides an adequate level of protection of personal data for the purposes of Part 2 of the Data Protection Act 2018 (“ the 2018 Act”) and the UK GDPR (defined in section 3 of the 2018 Act). This means that personal data can be transferred to natural or legal persons in the Republic of Korea who are subject to Korean data protection legislation (specifically the Personal Information Protection Act) without the need for any specific authorisation. “Personal data” is defined in Article 4(1) of the UK GDPR and has the same meaning in Part 2 of the 2018 Act by virtue of section 5 of that Act.
A full impact assessment of the effect that this instrument will have on the costs of business, the voluntary sector and the public sector is published with the explanatory memorandum alongside this instrument onwww.legislation.gov.uk. Hard copies can be obtained from the offices of the Department for Digital, Culture, Media and Sport, 100 Parliament Street, London SW1A 2BQ.
2018 c. 12; section 17A was inserted by S.I. 2019/419, Schedule 2, paragraphs 1 and 23.
“The Commissioner” is defined in section 3(8) of the Data Protection Act 2018.
The “UK GDPR” is defined in section 3(10) of the Data Protection Act 2018 (“ the 2018 Act”).
“Personal data” is defined in Article 4(1) of the UK GDPR and has the same meaning in Part 2 of the 2018 Act by virtue of section 5 of that Act.
Electronic copies of this legislation can be obtained from www.gov.uk/government/publications/uk-data-adequacy-for-the-republic-of-korea-supporting-documents in English or Korean. Hard copies can also be inspected during office hours and free of charge at the offices of the Department for Digital, Culture, Media and Sport, 100 Parliament Street, London SW1A 2BQ.
Referred to in Article 45(2)(b) of the UK GDPR.
Electronic copies of this legislation can be obtained from www.gov.uk/government/publications/uk-data-adequacy-for-the-republic-of-korea-supporting-documents in English or Korean. Hard copies can also be inspected during office hours and free of charge at the offices of the Department for Digital, Culture, Media and Sport, 100 Parliament Street, London SW1A 2BQ.