Dealing with new EU data rules

Lee Sung-yeop
*Professor at Korea University’s Graduate School of Management of Technology

The EU General Data Protection Regulation (GDPR) took effect on May 25. The law applies not only to companies in Europe but all foreign companies providing services or selling products to European citizens as well.

As the EU is Korea’s third-largest trade partner after China and the United States, many Korean companies will be affected by the law. The government has published a GDPR guide and offered seminars to help companies deal with the changes.

Firstly, the purpose of the GDPR should be considered. The GDPR is protectionist legislation to reinforce regulations on companies outside of the EU regarding personal information use. It especially applies to the United States, which emphasizes free movement of data across borders, and China, which regulates overseas relocation of information of its citizens through “data localization.”

The GDPR is likely to be the standard of personal information protection and used as the new norm of the data economy. In international relations, the influence of the law depends on power. The effort that the government and companies have made to abide by the GDPR stresses the importance of technology, industrial and business competitiveness. How to set up relationships with powers and maximize Korea’s business interests while protecting personal information is homework for Korea in the fierce contest among the powers over data hegemony.