Employee Data Privacy

South Korea - Cross-Border Data Transfer

 Download as a PDF

Are there any restrictions on transferring personal data and how can these be overcome?

Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.

Under the Personal Information Protection Act (PIPA), employers are not required to obtain the consent of employees when outsourcing the processing of personal information. Similarly, consent is not required if the processing of personal information is outsourced to a foreign entity, but employers must include information on the specific tasks to be outsourced and the name(s) of the outsourced processor(s) in their privacy policy, so that such information is readily available to employees. Additionally, the outsourced processor must comply with specific obligations set out in the PIPA.

For employers that transfer personal information to a foreign entity for the benefit and use of such entity, consent is the only approved method to transfer personal data overseas, even in cases where consent would not otherwise be required. When obtaining employee consent, inform employees of:

  • who will receive the personal information;
  • the reason the third party will receive the information and how it will be used;
  • the details of the information that will be shared with the third-party;
  • the period the data will be retained and used; and,
  • the fact that the individual can deny consent, as well as the potential disadvantages that will result if they reject consent.

 

HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. Employees should be clearly informed before any of their personal data is transferred outside of South Korea. In addition, all entities that will receive the data must comply with the PIPA.

 


Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.

Share Your Feedback

Let's Talk