What is a DPO, and which organizations have to appoint one?
A Data Protection Officer (DPO) is a person in charge of verifying the compliance of personal data processing with the applicable law. The DPO communicates information on processing personal data such as its purposes, interconnections, types, categories of data subjects, length of retention and department(s) in charge of implementing processing. DPOs may be required by law or recommended.
Per the Personal Information Protection Act (Art. 31), employers (i.e. personal information controllers) in the Republic of Korea are required to designate a privacy officer who is responsible for:
- establishing and implementing a personal information protection plan;
- conducting regular surveys of the status/practices related to processing personal data and working to improve shortcomings;
- addressing grievances and remedial compensation related to personal data processing;
- building internal controls to protect data from being divulged, misused and abused;
- preparing and implementing training programs relating to personal information protection;
- protecting, controlling and managing files;
- maintaining related materials; and,
- destroying expired personal data.
The DPO does not need to be based in South Korea.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.