Are there any restrictions on transferring personal data and how can these be overcome?
Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations.
For employers that transfer personal information to a foreign entity for the benefit and use of such entity, obtaining consent is the only approved method to transfer personal data overseas, even in cases where consent would not otherwise be required. When obtaining employee consent, inform employees of:
- who will receive the personal information;
- the reason the third party will receive the information and how it will be used;
- the details of the information that will be shared with the third-party;
- the period the data will be retained and used; and,
- the fact that the individual can deny consent, as well as the potential disadvantages that will result if the individual rejects consent.
HR Best Practices: The use of applications in the cloud frequently results in the international transfer of employee data. Employees should be clearly informed before any of their personal data is transferred outside of South Korea. In addition, all entities that will receive the data must comply with the PIPA.