The proposed amendments to the Enforcement Decree of the Credit Information Use and Protection Act (the "Amendment") was published on March 31, 2020, providing further details to the changes made to the Credit Information Use and Protection Act.
The Amendment's further details primarily relate to:
- standards with which to transfer and process personal information;
- the right of data portability to demand a transfer of personal credit information;
- the MyData business in credit information and financial industries relating to licensing, concurrent and ancillary business, and rules of practice;
- the consent form for utilization and provision of information within the financial industry;
- the ongoing evaluation system for data protection and the public disclosure of "Basic Credit Information Protection and Management Plan"; and
- requirements on deletion and processing of pseudonymized data.
The Amendment will be subject to a preliminary legislative notice period until May 11, 2020 followed by consultation among the relevant agencies, review period by the Ministry of Government Legislation and subsequent review and approval by the Cabinet meeting, after which the Amendment will enter into force on August 5, 2020, the promulgation date.
Please see the attachment for a detailed summary of the Amendment.