EU의 'GDPR 적정성결정을'을 위한 입법과제

GDPR prohibits "transfer of personal information offshore", in which the national data are transferred without any restrictions to foreign companies. Ho wever, if the company complies with the appropriate safeguards required by t he GDPR, or if it receives a "Adequacy Decisionn" at the national level, co mpanies in that country may transfer personal information without further acti on So, the most efficient way for domestic companies to process EU citizen's personal information is to obtain a 'adequacy decision' at the country level.
In this paper, as examining the case of Japan which has obtained 'adequacy decision' recently, the necessary point in order to obtain the 'adequacy decision' is drawn. As a measure, it is necessary to amend the law for securing the independence of personal information supervisory agencies, restriction of transfer of personal data tothird countries, and uniformity of personal information protection related laws. And this paper suggests a revision direction. Considering ;the amendment bill of the Personal Information Protection Act; that is submitted to the National Assembly (presented by Representative Min Jae-keun) the independence requirement of the Personal Information supervisory agencies is usually satisfied. However, there is a need for linking with individual personal information supervisory agencies such as the Financial Services Commission. Although legal supplementation is important for the restriction of data transfer to third countries, effective enforcement of global companies is more important. Especially, the more specific provisions are placed on individual laws in relation to the protection of personal information, the less the existence of the "Personal Information Protection Act" their will be. As a result, it may result in only keeping a nominal position. Therefore, if there is no need for a clearly exceptional case, separate legislation related to personal information should be avoided.