
1 

(1) These Regulations may be cited as the Data Protection (Adequacy) (Republic of Korea) Regulations 2022.
(2) These Regulations come into force on 19th December 2022.
(3) These Regulations extend to England and Wales, Scotland and Northern Ireland.
2 

(1) For the purposes of Part 2 of the Data Protection Act 2018 and the UK GDPR, the Secretary of State specifies the Republic of Korea as ensuring an adequate level of protection of personal data for a transfer described in subsection (2).
(2) A transfer described by this subsection is a transfer of personal data to a person in the Republic of Korea who is subject to the Personal Information Protection Act as that Act forms part of the law of the Republic of Korea and has effect from time to time.
3 
The independent supervisory authorities in the Republic of Korea are—
(a) the Personal Information Protection Commission established by Article 7 of the Personal Information Protection Act as it forms part of the law of the Republic of Korea; and
(b) the Financial Services Commission established by Article 3 of the Act on the Establishment of Financial Services Commission as it forms part of the law of the Republic of Korea.
Michelle Donelan
Secretary of State
Department for Digital, Culture, Media and Sport
21st November 2022