28-5
Prohibited Acts in Processing Pseudonymized Information
(1) No person who processes pseudonymized information under Article 28-2 or 28-3 shall process such information for the purpose of uniquely identifying an individual.
(2) When information that can uniquely identify an individual is generated in the process of processing pseudonymized information under Article 28-2 or 28-3, a personal information controller shall immediately cease the processing of the relevant information, and shall retrieve and destroy the information without delay.