UK organizations will be able to share personal data securely with the Republic of Korea before the end of the year as the UK finalises legislation for its first independent adequacy decision.
Allowing businesses in both countries to share data without restrictions will make it easier for them to operate and grow. Once in force, the legislation is estimated to cut administrative and financial burdens for UK businesses by £11 million a year and is expected to increase exports to South Korea by £3.8 million annually.
Personal data is information related to an individual, such as a name or email address, and data must be protected to a high standard to ensure it’s collected, shared and used in a trustworthy way.
After agreeing to a data adequacy agreement in principle in July 2022, the UK government has completed its full assessment of the Republic of Korea’s personal data legislation. The government has concluded that the Republic of Korea has strong privacy laws in place which will protect data transfers to South Korea while upholding the rights and protections of UK citizens.
Before now, organizations needed to have costly and time-consuming contractual safeguards in place, such as standard data protection clauses and Binding Corporate Rules. The new freedoms will open up opportunities for many small and medium sized businesses who may have avoided international data transfers to Korea due to these burdens.
Removing barriers to data transfers will also boost research and innovation by making it easier for experts to collaborate on medical treatments and other vital research which could save lives in the UK. For example, secure international personal data transfers are essential for developing effective medical treatments like vaccines.
UK Data Minister Julia Lopez met with representatives of the Korean Personal Information Protection Commission today to mark the legislation being laid in Parliament, which is expected to come into force from the 19th December.
This is the UK’s first decision to recognize a priority country adequate since leaving the European Union (EU).
The UK’s adequacy decision is broader than the EU’s deal with South Korea. The most significant difference between the two deals is that UK organizations will be able to share personal data related to credit information with the Republic of Korea to help identify customers and verify payments. The ability to share this type of data will help UK businesses with a presence in the Republic of Korea to boost credit, lending, investment and insurance operations in the Republic of Korea.
Data Minister Julia Lopez said: “Before the end of the year, businesses will be able to share data freely with the Republic of Korea – safe in the knowledge it will be protected to the high privacy standards we expect in the UK.
Removing unnecessary burdens on businesses will help unleash innovation, drive growth and improve lives across both our countries.”
The Republic of Korea is one of the fastest growing markets for the UK, with more than two-thirds of British services exports to the country data-enabled.
John Edwards, UK Information Commissioner, said: “We support the Government in undertaking adequacy assessments to enable personal data to flow freely to trusted partners around the world.
“We provided advice to the Government during this assessment of the Republic of Korea, and we are satisfied with the Government’s recognition of similar data protection rights and protection in Korean laws. This will bring certainty to UK businesses and reduce the burden of compliance, while ensuring people’s data is handled responsibly.”