LISTEN NOW: Evolution of Data Controls in the Era of Generative AI
ViewLearn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.
Ver una demostración
In Taiwan, the primary legislation governing data protection is the Personal Data Protection Act (PDPA). Its main objective is to safeguard individuals' privacy rights by regulating personal data collection, processing, and use. The PDPA ensures that personal data is managed responsibly and securely, protecting individuals from potential misuse and unauthorized access.
Initially introduced in 1995, the PDPA was enacted in 2010 and has since provided a comprehensive framework for protecting personal data. The Enforcement Rules of the Personal Data Protection Act (ERPDPA) further clarify the interpretation and implementation of the PDPA.
The latest amendments to the PDPA were implemented on May 31, 2023, including updates to Article 48 of the PDPA concerning security obligation violations and establishing an independent supervisory mechanism. Moreover, the competent regulatory authority is the Personal Data Protection Commission (PDPC) and it collaborates with the Ministry of Justice to enforce the PDPA.
Securiti enables organizations to comply with Taiwan’s PDPA through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with Taiwan’s PDPA through automation, enhanced data visibility, and identity linking.
See how Securiti helps you comply with various sections of Taiwan’s PDPA.
PDPA Articles: 3(1), 10, 13(Para 1),14
The automation of the processing and handling of secure data access requests will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the data access requests.
PDPA Articles: 3(1), 10,13(Para 1),14
Data is disclosed to data subjects through a secured and centralized point within a limited time frame. This allows organizations to respond to data access requests in a timely manner and provide data that can be readily retrieved.
PDPA Articles: 3(2), 10, 13(Para 1), 14
Automate the generation and delivery of data portability requests within a limited time frame through a secure and centralized point.
PDPA Articles: 3(3), 11(Para 1,2 & 5),13(Para 2)
Fulfill data rectification requests seamlessly using automated data subject verification workflows across all appearances of a data subject’s personal data.
PDPA Articles: 3(4), 11(Para 3 & 4), 13(Para 2)
Build a framework for objections and processing restrictions based on business requirements using collaborative workflows.
PDPA Articles: 3(5), 11(Para 2, 3 & 4), 13(Para 2),
Fulfill data subjects’ personal data erasure requests swiftly through automated and flexible workflows.
PDPA Articles: 7,15(2), 19(5), 20(6) 16(7), 20(1), 6(6), 8, 9
Automatically scan the web properties within your organization and create cookie categories according to cookie properties and retention periods. Build customizable cookie consent banners according to the applicable jurisdictional cookie consent requirements.
PDPA Articles: 7,15(2), 19(5), 20(6) 16(7), 20(1), 6(6), 8, 9
Track and honor consent and consent revocation, as well as any changes to data subject’s preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.
PDPA Articles: 4, 21.
Track data flows in your organizations by having a centralized catalog of internal data process flows and flows for data transfer to service providers and other third parties. Moreover, maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.
PDPA Articles: 4
Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.
PDPA Articles: 12
ERPDPA Articles: 22
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
PDPA Articles: 27, 48
ERPDPA Articles: 12
Securiti’s Data Intelligence modules enable you to identify gaps and risks particular to your data processing and implement appropriate security controls.
Right to Access: Data subjects have the right to access their personal data held by an organization. They can review and request a copy of their personal data.
Right to Data Portability: Data subjects have the right to access and retain a copy of their personal data and reuse it for their own purposes. They can also transfer their data from one organization to another without hindrance.
Right to Correction: Data subjects have the right to correct or supplement their personal data held by an organization.
Right to Opt-Out/Object: Data subjects have the right to opt-out of or object to the processing of their personal data for direct marketing or new purposes.
Right to Erasure: Data subjects can request the data user to delete their personal data that is no longer required for the purpose for which it was initially collected or upon expiration of the relevant time period.
Taiwan’s Personal Data Protection Act (PDPA) took effect on May 26, 2010. Major amendments to the PDPA were made in 2015 and 2023.
The PDPA applies to both government agencies and non-government organizations handling personal data.
Data subjects in Taiwan have the right to seek compensation through civil actions for damages caused by breaches of the PDPA's provisions.
Breach of Articles 6(1), 19, 20(1), or international transmission, may lead to a fine of NTD 50,000 to 500,000 and a rectification order within a limitation period. Moreover, a breach of Articles 8, 9, 10, 11, 12, 13, 20(2), 20(3) may lead to a fine of NTD 20,000 to 200,000 and a rectification order within a limitation period. Non-compliance with Article 27(1) (security and maintenance plan failures) may lead to a fine of NTD 20,000 to 2,000,000 or NTD 150,000 to 15,000,000 in case of a serious violation. There are additional fines for each occurrence if not rectified.
The PDPA also provides criminal penalties. Breach of Articles 6(1), 15, 16, 19, 20(1), or international transmission limits with intent to gain illegal interest or harm others may lead to imprisonment of up to 5 years and/or fines up to 1,000,000. Additionally, alteration, deletion, or hindrance of personal data with intent to gain illegal interest or cause harm may lead to imprisonment of up to 5 years or short-term imprisonment and/or a fine of up to NTD 1,000,000.
Cross-border data transfers are generally permitted but may be restricted by central competent authorities under specific circumstances, such as inadequate protection in the destination country.
Under the PDPA, the appointment of a DPO is not mandatory. Organizations are free to choose whether to appoint one.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2024 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128
