A Master Plan is established every three years to ensure the protection of personal information and the rights
and interests of data subjects (Personal Information Protection Law, Article 9)
Who Establishes the Plan?
Personal Information Protection Commission
- Basic goals and intended directions, improvement of systems and statutes, measures to prevent personal information breaches, vitalization of self-regulation,
promoting education and public relations, training of specialists and other matters necessary to protect personal information.
- The 1st~3rd Master Plans focused on a stable establishment of the Personal Information Protection Act in the society, which came into force in
2011 for the first time in the country, and emphasized improvement of each stakeholder’s capabilities.
- The 4th Master Plan reflects the recent revision of the 3 Data Economy Laws and focuses on innovation of the personal information protection
system and reinforcement of protection competency based on self-regulation and cooperation.
The 4th Master Plan has declared a vision of “Safe Personal Information Protection Makes Korea a Reliable Data Powerhouse”, and prepared 3 strategies with 10 key tasks to achieve the vision as follows:
- · Solid Protection of Personal Information
- · Safe Use of Personal Information while Increasing Its Value
- · Fair Balance between Protection and Use
Vision and Strategy of the 4th Master Plan
- Safe Personal Information Protection makes Korea a Reliable Data Powerhouse
- * (more Secure) Solid Protection of Personal Information
- * (more Handy) Safe Use of Personal Information while Increasing Its Value
- * (more Robust) Fair Balance Between Protection and Use
- Reinforcement of proactive protection of personal information
- · Reinforce data subjects’ rights and promote people’s privacy literacy
- · Make a business ecosystem of self-regulation
- · Advance the mechanism of personal information protection in public sectors
- Building of safe environments to use personal information
- · Support the safe use of personal information
- · Safeguard personal information in the digital transformation environment
- · Create a safe environment for personal information through technological developments
- Securing of global personal information leadership
- · Reduce people's concerns about personal information infringement
- · Build national governance for personal information protection
- · Lead the world in the field of personal information protection and use
- · Reinforce the Personal Information Protection Commission's leadership
- Privacy by Design
In accordance with the Master Plan, the head of each central administrative agency shall establish its own annual implementation plan.
Article 10 of the Personal Information Protection Act
① The head of a central administrative agency shall establish an implementation plan to protect personal information each year in
accordance with the Master Plan and submit it to the Protection Commission, and shall execute the implementation plan subject to the
deliberation and resolution of the Protection Commission.
② Matters necessary for the establishment and execution of the implementation plan shall be prescribed by Presidential Decree.
Article 12 of the Enforcement Decree of the Personal Information Protection Act
① The Protection Commission shall develop guidelines on how to establish implementation plans for the third year by no
later than June 30 each year, and notify the heads of the relevant central administrative agencies of such guidelines.
② The head of a relevant central administrative agency shall establish the implementation plan under his/her jurisdiction, to be
implemented during the following year based upon the Master Plan according to the guidelines notified under Paragraph 1;
and shall submit it to the Protection Commission by no later than September 30 each year.
③ The Protection Commission shall deliberate and resolve on the implementation plans submitted pursuant to Paragraph 2 by no later than December 31
of that year.
Agencies establishing the implementation plan
48 central administrative agencies (18 ministries(부), 4 ministries(처), 17 offices and administrations (청), and 6 commissions, the Board of Audit and Inspection,
National Intelligence Service and the Office for Government Policy Coordination)
Procedures and Schedule
- Personal Information Protection Commission
- Shall establish guidelines for the implementation plan and notify the relevant central administrative agencies
by the end of June
- Central administrative agencies (48)
- Shall establish the implementation plan in accordance with the guidelines and submit it to the Protection Commission
by the end of September of each year
- Personal Information Protection Commission
- Shall deliberate and resolve on the implementation plans submitted by each central administrative agency by the end of December each year)
- Background, goal, and strategy (of each central administrative agency)
- Performance of the previous year
- Working plan for the coming year, structure and timeline to carry out the Implementation Plan
- Final budget of the current year related to personal information protection, the budget needed for the following year detailed in each project, and its expected effects, etc.