Key Data & Cybersecurity Laws
How are data and cybersecurity laws/regulations implemented?

Last review date: 31 December 2024

omnibus – all personal data

What are the key data privacy laws and regulations?

Last review date: 31 December 2024

What are the key cybersecurity laws and regulations?

Last review date: 31 December 2024

Cyber Security Management Act (CSMA)

What are the key laws and regulations relating to non-personal data?

Last review date: 31 December 2024

Cyber Security Management Act (CSMA)

Are new or material changes to those key data and cybersecurity laws anticipated in the near future?

Last review date: 31 December 2024

Yes.

For the PDPA, the Taiwan Legislative Yuan passed an Amendment to the PDPA (Amendment) on 16 May 2023. The Amendment designates the new Personal Data Protection Commission (PDPC) as the exclusive competent authority for personal data protection to address the lack of an independent data protection authority. Currently, the enforcement of the PDPA is being conducted separately by the central government authority in charge of the sector concerned or the local government concerned. The establishment of the PDPC is still in the works. We expect the PDPC to officially begin operations by August 2025 at the latest.

For the CSMA, the Taiwan Executive Yuan submitted a draft amendment to the CSMA (Draft) to the Legislative Yuan for consideration and approval in July 2024. The Draft identifies the Taiwan Ministry of Digital Affairs (MODA) as the competent authority for the CSMA and provides that national cybersecurity matters will be handled by the Administration of Cyber Security. In addition to amending the definitions of "cyber security incident," "critical infrastructure," "critical infrastructure provider," and "specific non-government agency" in the CSMA, the Draft requires the competent central authority in charge of the sector concerned to publish the criteria and procedures for designating critical infrastructure providers. It also requires each specific non-government agency to appoint a chief cybersecurity officer and related full-time personnel. The Draft will also expand the power of the competent authorities to conduct administrative investigations in the event of a cyber security incident. However, the Draft will not take effect before the Legislative Yuan's approval.