29-10
Protective Measures in Cases of Cross-Border Transfers of Personal Information
(1) Where a personal information controller makes a cross-border transfer of personal information under the proviso, with the exception of the subparagraphs, of Article 28-8 (1) of the Act, he or she shall take the following protective measures under Article 28-8 (4) of the Act:
- Measures to ensure safety for protecting personal information under Article 30 (1);
- Measures to handle grievances and resolve disputes with respect to personal information breach;
- Other measures necessary to protect the personal information of data subjects.
(2) Where a personal information controller makes a cross-border transfer of personal information under the proviso, with the exception of the subparagraphs, of Article 28-8 (1) of the Act, it shall have a prior consultation with the recipient of the personal information on the matters specified in the subparagraphs of paragraph (1) and shall reflect the results of such consultation in the details of a contract, etc.