Korean companies targeting the European market are feeling a growing sense of crisis ahead of the effectuation of the General Data Protection Regulation (GDPR) on May 25. But some analysts say that the GDPR can offer good opportunities to companies that have been preparing for it as they can reduce regulatory costs and enter the global market.
GDPR’s purpose is to create a single digital market in Europe and if the GDPR becomes a global personal information protection standard, it will be easy for Korean companies to advance into the global market as well as Europe if they honor the GDPR well.
It is pointed out that Korean companies do not need to be excessively concerned about the fine risk because the maximum penalty amounting to about 20 million euros is evaluated in detail based on 11 criteria in consideration of GDPR compliance efforts and mitigation measure-taking processes after GDPR violations. If the EU Executive Committee regards Korea as a GDPR honoring country by the end of the year, it is increasingly anticipated that Korean companies will be able to secure rights to move personal information freely outside of Europe on condition that they properly comply with the GDPR.
According to related industries and the Korea Internet and Security Agency (KISA) on May 1, the GDPR will be applied to 28 EU countries beginning on May 25. If a company is well prepared with a GDPR response system, it needs to abide by one single personal information protection regulation when it makes a foray into any EU country. Therefore, the company can reduce regulatory cost to one 28th and expand their markets to 28 nations under the aegis of the GDPR framework.
This is because the GDPR aims to raise the level of privacy protection and at the same time to freely utilize data within one single digital market in Europe. In particular, the GDPR separated personal information from pseudonym information and anonymous information, and legally specified that pseudonym information and anonymous information should be used for commercial statistics and research purposes. It has been claimed that Europe is trying to win the hegemony of the big data industry called ‘crude oil’ of the 4th Industrial Revolution.
However, domestic and foreign GDPR experts believe that only the construction of a GDPR system can save companies a lot of global regulatory cost as China and Russia in the big data and 5G era are going to strengthen the protection of personal information. For example, when game companies launch their games simultaneously in 200 countries, they can protect users in Europe and the United States with the same personal information protection standards.
“The GDPR is focused on consistently maintaining personal information protection so checks whether or not a company comply with it faithfully and reported a violation of the regulation in accordance with its procedure,” said an official of the KISA. “As its 11 criteria assess a case and grade it with three levels according to the severity of the case, it will be reasonable even if the GDPR imposes a penalty.” Government authorities and industry watchers forecast that if an excessive penalty is imposed on a company, it can spark off a “trade war” so the GDPR will maintain a reasonable regulatory level.
Moreover, there is an expectation that if Korea receives an appropriateness assessment that is being pursued by the KISA, Korean companies will be free to move personal information within their business groups.