In March the Korean Personal Information Protection Commission amended the Act on the Promotion of Information Communication Network Utilization and Information Protection ("Act") to enhance accountability for data protection and increase liability for data breaches. The amendments increase the potential sanctions against companies in South Korea that suffer data breaches and that engage in unauthorised foreign transfers of personal data, for which prior consent will now be required. The amendments will take effect on 23 September 2016 and will see sanctions increased to three times the actual damages suffered by customers in the event of a data breach, and a fine of up to 3% of revenue where prior consent is not obtained for international transfers.

In light of the more stringent measures in effect we would advise paying increased attention to data protection compliance in South Korea.