Toss Marks 2nd Year of Data Protection Committee

2024.12.09ㆍby toss

An independent body of external experts contributes to advancing data governance
Ongoing discussions on policies and operations regarding customer data protection

Viva Republica, the operator of the financial super app "Toss,” announced that it is marking the 2nd anniversary of the Data Protection Compliance Advisory Committee (Committee).

Established in November 2022, the Committee serves as an independent advisory body that strengthens Toss’ customer data protection and independently monitors compliance with relevant laws. The Committee is led by Korea University’s Graduate School of Cyber Security Professor Hun-Yeong Kwon with Professor Seungjoo Kim from the same graduate school and Legal Advisor Chuljoon Kim from Kim & Lee Law Firm serving as members.

Since its launch two years ago, Toss has shared its data protection policies and operational strategies with the Committee for expert consultation. Key agendas have included enhancing data management, refining data governance, ensuring regulatory compliance and legal adaptation, developing an AI governance framework, strengthening customer data sovereignty, and fostering trust in data protection practices.

Based on these discussions, Toss has achieved concrete milestones, including being the first fintech company in Korea to obtain CBPR (Cross-Border Privacy Rules) certification, establishing a Third-Party Risk Management (TPRM) system for data handling with external partners, and launching a Personal Information Safety Report for users.

At the 5th regular meeting, held to mark the 2nd anniversary of the Committee’s establishment, reports were presented on improvements to personal data collection agreements in response to amendments to the Personal Information Protection Act, as well as technical and administrative protection measures for biometric data. The Committee gathered opinions on these matters.

"The Committee has played a crucial role in independently overseeing Toss’ data utilization and protection efforts, contributing to the advancement of our data governance system over the past two years,” a Toss representative said. “Moving forward, we will continue discussions on transparency and trust while establishing new standards for data protection in the financial industry."