GDPR과 2018 BDSG를 통해 본 국내의 개인정보보호법 입법방향에 대한 소고

A Study on Direction of Legislation Improvement of Data Protection Law of Korea by comparing to GDPR and 2018 BDSG - Focusing on conditions of general personal data and special categories of personal data processing, processing and exclusion area, transfer personal data to a third country-

The GDPR so, there is controversy as to whether commercial sales of personal data and monitoring of employee can be included in the data controller s legitimate interests. The GDPR allows for additional processing if it is compatible without any specific grounds. The purpose of preservation of public records, scientific and historical research purposes, and statistical purposes are considered compatible and legal methods of data processing. Article 5 and 6 of GDPR should be applied directly to 2018 BDSG. Article 9 of the GDPR requires the enforcement of appropriate and special countermeasures in advance, such as safety measures for processing of special categories of personal data, anonymity and pseudonymisation or encryption. Article 23 and article 24 of Data Protection Law of Korea stipulates the handling of special categories of personal data after appropriate safety measures pursuant to article 29 to prevent loss, theft, leakage, forgery, alteration or damage. The Supreme Court in Korea is even willing to recognize limited commercial sales of public person s information. Article 89 of the GDPR is recognized actively on the premise that preservation of public records, scientific and historical studies, and processing for statistical purposes should be done on the basis of technical and administrative measures. Data Protection Law of Korea is similar. The guideline of the Ministry of Government Administration and Home Affairs in 2016 that it can be used as a market analysis or management strategy, development of new products and service improvement . When transferring personal data to a third country, article 45 and article 46 and article 49 are important articles. The criteria for adequacy decision is still valid for the 95/46/EU criteria. Article 14 and Article 17 of the Data Protection Law of Korea make it difficult to take proper protective measures against a transfer of personal data to a third country. Therefore, it is necessary to make concrete the personal data, which cannot be allowed to be transferred to a third country and newly supervised by the Personal Information Protection Committee(PIPC), such as GDPR and 2018 BDSG, by legislation.