South Korea overhauls PIPA and ties fines to CEO accountability

The PIPA has been significantly revised and ties fines of up to 10% to CEO accountability, reflecting regulators' view that fines alone do not change corporate behavior unless they are large enough to matter.

Contributors:
Kyoungsic Min
AIGP, CIPP/E, FIP
Country Leader, South Korea, IAPP; Privacy Counsel and Asia Regional Lead
VeraSafe
On 10 March 2026, South Korea promulgated the most consequential rewrite of its Personal Information Protection Act since the law's 2023 overhaul. Set to take effect 11 Sept., the amendment introduces a penalty ceiling of 10% of total turnover and places personal supervisory liability on the CEO. In a jurisdiction where the enforcement authority has consistently demonstrated a willingness to investigate aggressively and impose substantial penalties, the practical risk is now among the highest in the world.
This is not a patchwork of incremental fixes. It is a single, integrated package designed to address a diagnosis that Korean regulators have been building toward for years: that fines alone do not change corporate behavior unless they are large enough to matter, aimed at the people who actually set priorities and triggered early enough to protect data subjects before harm is done.
Why Korea acted now
The amendment did not emerge in a vacuum. Over the past year, data breaches at multiple major Korean companies have commanded sustained national attention, generating the kind of public pressure that moves legislative agendas. The Personal Information Protection Commission characterized the climate as one of growing public anxiety and social concern, and framed the reform around two complementary objectives: strengthening deterrence through stricter sanctions, and promoting preventive investment by reinforcing the management and governance structures that underpin data protection.
The practical significance extends well beyond the specific provisions. With privacy now carrying financial and governance exposure that rivals the most consequential compliance domains in South Korea, multinational operators accustomed to treating Korean privacy as one regulatory requirement among many face a genuine recalibration. The amendment's logic runs on three interconnected fronts — recalibrated deterrence, locked-in governance accountability, and earlier intervention — and understanding how they reinforce each other is the key to reading this reform correctly.