According to a new adequacy-decision published by the European Commission, South Korea provides an adequate level of protection of personal data under the General Data Protection Regulation (GDPR), such that data that is subject to the GDPR can be safely transferred to South Korea.

The adequacy decision was based on the South Korean personal data protection law named PIPA, which sets out European-grade privacy principles, and confers material supervision and enforcement powers to the South Korean national data protection commission. The South Korean law also complies with specific requirements raised by the European Commission, which include increased data subject transparency obligations.

With this adequacy decision, South Korea joins the 14 countries already recognized by the European Commission as adequate, including Japan, the UK, Canada, New Zealand, and Israel.