Changeflow GovPing Data Privacy & Cybersecurity Christie's Fined KRW 287.2M by Korea PIPC for D...
Priority review Enforcement Added Final

Christie's Fined KRW 287.2M by Korea PIPC for Data Breaches

Favicon for www.pipc.go.kr Korea PIPC (EN alt)
Filed
Detected
Email

Summary

The Personal Information Protection Commission imposed a fine of KRW 287.2 million on Christie's for data breaches. The enforcement action was taken on April 22, 2026. This marks a significant enforcement outcome for an international commercial entity under Korea's data protection framework, signalling continued regulatory attention on cross-border data handling practices.

Why this matters

International auction houses and luxury goods companies with Korean customer bases should review their personal data breach notification timelines and cross-border transfer mechanisms. PIPC enforcement against a named Western commercial entity suggests increased willingness to pursue foreign firms for data protection violations, not just domestic companies.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by PIPC on pipc.go.kr . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors Korea PIPC (EN alt) for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

View original document View source feed page

What changed

The Personal Information Protection Commission imposed a fine of KRW 287.2 million on Christie's for data breaches. The enforcement represents one of the more substantial financial penalties issued by Korea's privacy regulator against a foreign commercial entity.

Companies operating in Korea that handle personal data, particularly international firms with significant Korean customer bases, should treat this enforcement as a signal to review their data breach notification procedures, incident response protocols, and cross-border data transfer safeguards under Korea's PIPA framework.

Penalties

KRW 287.2 million

Archived snapshot

Apr 23, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

** This site is the official e-Government website of the Republic of Korea.

-

-

-

-

print share

Latest Photo News

Title The PIPC Sanctions Christie's for Data Breaches, Imposing KRW 287.2 million
Date 2026.04.22
Contents

| Attachment |
Previous The PIPC Overhauls "Guidelines on Pseudonymization" by Introducing a Risk-Based Approach Next no data found Back to list
- Privacy Policy
- Location
- Sitemap
209 Sejong-daero, Jongno-gu, Seoul 03171, Korea

Copyright ⓒ Personal Information Protection Commission. All right reserved.

Parties

Christie's

Related changes

Favicon for www.pipc.go.kr PIPC Korea AI Transformation, Pseudonymization, Privacy Notices April 2026
Routine Apr 23, 2026 Korea PIPC (EN alt) Data Privacy & Cybersecurity
Favicon for www.pipc.go.kr PIPC Chairperson Delivers Cyber Diplomacy Lecture to Ambassadors
Routine Apr 23, 2026 Korea PIPC (EN alt) Data Privacy & Cybersecurity
Favicon for www.mfds.go.kr WHO Gives Korea Perfect Score, World-Class Food Safety
Routine Apr 23, 2026 MFDS South Korea News Consumer Protection

Get daily alerts for Korea PIPC (EN alt)

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.pipc.go.kr
Korea PIPC (EN alt) pipc.go.kr/eng
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from PIPC.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
PIPC
Filed
April 22nd, 2026
Instrument
Enforcement
Branch
Executive
Legal weight
Binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Retailers Technology companies
Industry sector
4411 Retail Trade
Activity scope
Data breach response Cross-border data handling Privacy incident notification
Geographic scope
KR KR

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Cybersecurity Consumer Protection

Browse Categories

Agriculture & Food Safety 79 AI Regulation 3 Banking & Finance 483 Consumer Protection 120 Courts & Legal 442 Data Privacy & Cybersecurity 133 Defense & National Security 53 Education 64 Energy 106 Environment 169 Gaming 2 Government & Legislation 461 Healthcare 15 Healthcare & Life Sciences 409 Immigration 10 Insurance 86 Labor & Employment 171 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 85 Securities & Markets 177 Tax 96 Telecom & Technology 48 Trade & Sanctions 156 Transportation 111

Get alerts for this source

We'll email you when Korea PIPC (EN alt) publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!