Data Protection & Privacy

“Bae, Kim & Lee stands out through the experience and know-how of its attorneys, their professionalism and their teamwork.”

- The Asia Pacific Legal 500


BKL’s Data Protection and Privacy Practice Group provides effective and timely solutions to meet clients’ needs based on our market-leading expertise and practical understanding of the regulatory environment. We routinely advise companies on data protection and privacy compliance in relation to a wide range of service launches both in Korea and abroad, as well as data breach and regulatory investigations. Our experience in this area has been unparalleled and our understanding of the complex framework of both domestic and global legal requirements has been recognized by awards from the leading domestic and overseas legal media, regulatory authorities and client satisfaction surveys. Our clients come from all industries including IT, retail and distribution, pharmaceuticals, video gaming, streaming services, e-commerce and financial services.

BKL conducts evaluation and assessment of data protection and privacy risks based on comparative analysis and our working knowledge of both domestic and overseas personal data regulatory systems, and provides regulatory and compliance advice to produce optimized solutions based on such risk assessment. With the heightened regulatory requirements for data protection and privacy in both the EU and the US, which have global reach and thus practical implications for companies directing their services towards EU and California residents regardless of where the company is located, effective legal advice in today’s highly connected world of business requires the understanding of both the domestic and overseas legal requirements applicable to the handling of personal data.

BKL also provides services to help companies build an efficient governance system for big data, AI and Mydata while minimizing the legal risks. The new opportunities made possible by big data are accompanied by myriad issues of data protection and privacy requiring thorough legal review and effective risk controls and response measures.

BKL also provides advisory services in connection with administrative measures and investigations by relevant administrative agencies in accordance with laws and regulations related to personal information.

Moreover, BKL provides prompt advice in case of personal information infringement incidents and data breaches, and dedicated representation in civil and criminal litigation based on profound expertise and vast experience.

Key Services

Advice and Compliance Related to Domestic and Overseas Personal Information Protection
Compliance assessment based on data flow analysis and review of related risks
Overall advice on risk assessment and improvement
On-going advice on devising and managing effective internal process, risk controls, and conduct of training on data protection
Advice on compliance with overseas legal requirements related to personal data protection such as EU’s GDPR or California’s CCPA/COPPA
Advice on Responding to Regulatory Authorities and Representation in Criminal Litigation for Violation of Personal Data Protection Laws
Responding to data protection authorities in relation to personal data leakage and represent in related administrative litigations
Acting in civil and criminal litigation resulting from personal data hacking incidents or regulatory infringement
Establishment of Big data/AI/Mydata governance, Risk assessment in newly created businesses and Review of Risk Management Plan
Risk assessment analysis for every stage of big data collection, preservation, management and applications
Advice on measures to mitigate risks such as data de-identification
Advice on data combination in the context of big data, profiling and customized advertising
Advice on approval and related issues for Mydata

Representative Cases

Represented a global electronics company in its worldwide app service launch
Advised on response to personal data leakage caused by hacking of online shopping service
Advised the Personal Information Protection Commission, the Korea Communications Commission, KISA, NIA, etc.
Personal Information Protection Compliance
Advised a global electronics company on data combination and x-document request from a global investigation agency
Advised a global IT company on its worldwide web browser service launch project
Represented a global electronics company in its worldwide app service launch
Advised a global content provider and its affiliates on GDPR/CCPA/COPPA compliance
Advised industry associations and startups on compliance with GDPR/CCPA/COPPA.
Performed consulting projects for KISA SMEs in relation to GDPR compliance
Advised global Fortune 500 companies on data protection and privacy compliance for Korea.
Administrative Regulations and Data Breach Incidents
Advised on response to personal data leakage caused by hacking of online shopping service
Advised various multi-national companies in responding to x-document requests by regulatory authorities
Represented telecom companies in civil, criminal and administrative litigations involving personal data leakage incidents due to hacking
Represented the clients in civil and criminal litigations involving personal data related to medical information
Advised domestic financial companies on personal information leakage incidents
Advised a China-based, global IT service provider in connection with investigations by Korean data protection authorities
Advised a domestic food delivery app service provider in response to regulatory investigations
Advised a multi-national service provider’s processing of children’s personal data
Advised a domestic online education service provider in response to personal data leakage incident
Other Services
Advised the Personal Information Protection Commission, the Korea Communications Commission, KISA, NIA, etc.
Participated in drafting GDPR guidance and commentary by regulatory authorities, and advised on interpretation of statute and policy improvements
Advised on and reviewed amendments to data protection laws
Advised on adequacy x-evaluation of data-combining organizations dealing in pseudonymized or anonymized data