Preliminary Fact-Finding Inspections
(1) In cases not falling under the subparagraphs of Article 63 (1), the Protection Commission may inspect the status of protection of personal information of a personal information controller that is highly susceptible to a personal information breach incident and deemed to need a preliminary inspection of vulnerabilities in the protection of personal information.
(2) The Protection Commission may, if it finds any violation of this Act through a fact-finding inspection under paragraph (1), formulate a correction scheme and recommend that the relevant personal information controller comply with it.
(3) Upon receipt of the recommendation for correction under paragraph (2), a personal information controller shall notify the Protection Commission as to whether it accepts the recommendation within 10 days from the date of receipt of the recommendation, and inform the Protection Commission of the results of the implementation thereof, as prescribed by Notification of the Protection Commission.
(4) When any person upon receipt of the recommendation for correction under paragraph (2) accepts the relevant recommendation, he or she shall be deemed to have received an order for corrective measures (referring to a recommendation under Article 64 (3) in cases of central administrative agencies, local governments, the National Assembly, the Court, the Constitutional Court, and the National Election Commission) under Article 64 (1).
(5) If a person upon receipt of the recommendation for correction under paragraph (2) refuses to accept or fails to comply with the relevant recommendation, the Protection Commission may conduct an inspection under Article 63 (2).
(6) The Protection Commission may inspect the status of personal information protection under paragraph (1) jointly with the head of a relevant central administrative agency.