Abstract
A Study on the Information Security Management Index through Analysis of EU-GDPR(European Union-General Data Protection Regulation)
Highlights
In recent years, the European Union (EU) has been promoting the use of personal information by businesses that process personal information while at the same time protecting the information subject by reflecting changes in the environment of personal information processing due to universal use of the Internet, protect them in a balanced way
In order to establish a practical and concrete response system based on General Data Protection Regulation (GDPR) detailed compliance requirements, companies in the EU business should analyze the status of their personal information related operations and review whether they meet GDPR regulatory requirements check and change existing risk response strategies by establishing plans and presenting detailed measures for improvement requirements
The Personal Information Protection Act stipulates that the Minister of Administrative and / or Business Administration can certify that a series of measures related to the processing and protection of personal information of the personal information processor conform to the Act through the revision of the law in 2015 (Article 1, Article 32 1) In particular, the Ministry of Public Administration and Security and the Telecommunications and Communications Commission will start the Personal Information Protection Level (PIPL) pursuant to Article 32-2 of the Personal Information Protection Act from January 2016 under the Act on Information Network Promotion and Information Security (PIMS), which is stipulated in Article 47-3 of the Personal Information Protection Management System (PIMS)
Summary
The EU has been promoting the use of personal information by businesses that process personal information while at the same time protecting the information subject by reflecting changes in the environment of personal information processing due to universal use of the Internet, protect them in a balanced way. Failure to take appropriate action in violation of the approved GDPR Code of Conduct Implementation of certification, seal, marking mechanism and failure to comply with requirements Violation of compliance obligation related to overseas transmission of personal information Transferring personal information to countries where the Executive Committee has not determined to provide the appropriate level Failure to obtain a penalty mechanism when transmitting personal information outside the European Union If the BCRs have not been approved by the competent oversight body and the BCRs do not guarantee the rights of the entity in relation to the processing of personal information within the corporate group In the absence of international conventions such as mutual legal assistance treaties, the transfer of personal information to a third country in the absence of a court or tribunal
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Asia-pacific Journal of Law, Politics and Administration
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
