Skip to menu Skip to content

Korean e-government homepage mark This site is the official e-Government website of the Republic of Korea.


Master PlanㆍImplementation Plan


A Master Plan is established every three years to ensure the protection of personal information and the rights and interests of data subjects (Personal Information Protection Law, Article 9)

Who Establishes the Plan?

Personal Information Protection Commission

Main contents

  • Basic goals and intended directions, improvement of systems and statutes, measures to prevent personal information breaches, vitalization of self-regulation, promoting education and public relations, training of specialists and other matters necessary to protect personal information.
  • The 1st~3rd Master Plans focused on a stable establishment of the Personal Information Protection Act in the society, which came into force in 2011 for the first time in the country, and emphasized improvement of each stakeholder’s capabilities.
  • The 4th Master Plan reflects the recent revision of the 3 Data Economy Laws and focuses on innovation of the personal information protection system and reinforcement of protection competency based on self-regulation and cooperation.
  • The 4th Master Plan has declared a vision of “Safe Personal Information Protection Makes Korea a Reliable Data Powerhouse”, and prepared 3 strategies with 10 key tasks to achieve the vision as follows:
    • · Solid Protection of Personal Information
    • · Safe Use of Personal Information while Increasing Its Value
    • · Fair Balance between Protection and Use

Vision and Strategy of the 4th Master Plan

Safe Personal Information Protection makes Korea a Reliable Data Powerhouse
  • * (more Secure) Solid Protection of Personal Information
  • * (more Handy) Safe Use of Personal Information while Increasing Its Value
  • * (more Robust) Fair Balance Between Protection and Use
Performance Strategies & Tasks / See below Performance Strategies & Tasks
Reinforcement of proactive protection of personal information
  • · Reinforce data subjects’ rights and promote people’s privacy literacy
  • · Make a business ecosystem of self-regulation
  • · Advance the mechanism of personal information protection in public sectors
Building of safe environments to use personal information
  • · Support the safe use of personal information
  • · Safeguard personal information in the digital transformation environment
  • · Create a safe environment for personal information through technological developments
Securing of global personal information leadership
  • · Reduce people's concerns about personal information infringement
  • · Build national governance for personal information protection
  • · Lead the world in the field of personal information protection and use
  • · Reinforce the Personal Information Protection Commission's leadership
Privacy by Design


In accordance with the Master Plan, the head of each central administrative agency shall establish its own annual implementation plan.

Agencies establishing the implementation plan

48 central administrative agencies (18 ministries(부), 4 ministries(처), 17 offices and administrations (청), and 6 commissions, the Board of Audit and Inspection, National Intelligence Service and the Office for Government Policy Coordination)

Procedures and Schedule

  1. Personal Information Protection Commission
    Shall establish guidelines for the implementation plan and notify the relevant central administrative agencies by the end of June
  2. Central administrative agencies (48)
    Shall establish the implementation plan in accordance with the guidelines and submit it to the Protection Commission by the end of September of each year
  3. Personal Information Protection Commission
    Shall deliberate and resolve on the implementation plans submitted by each central administrative agency by the end of December each year)

Main contents

  • Background, goal, and strategy (of each central administrative agency)
  • Performance of the previous year
  • Working plan for the coming year, structure and timeline to carry out the Implementation Plan
  • Final budget of the current year related to personal information protection, the budget needed for the following year detailed in each project, and its expected effects, etc.