Securiti Ranked #1 DSPM Vendor by GigaOm

View

Taiwan’s Personal Data Protection Act

Last Updated on agosto 27, 2024

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

Veja uma demonstração
Schedule your demo today

In Taiwan, the primary legislation governing data protection is the Personal Data Protection Act (PDPA). Its main objective is to safeguard individuals' privacy rights by regulating personal data collection, processing, and use. The PDPA ensures that personal data is managed responsibly and securely, protecting individuals from potential misuse and unauthorized access.

Initially introduced in 1995, the PDPA was enacted in 2010 and has since provided a comprehensive framework for protecting personal data. The Enforcement Rules of the Personal Data Protection Act (ERPDPA) further clarify the interpretation and implementation of the PDPA.

The latest amendments to the PDPA were implemented on May 31, 2023, including updates to Article 48 of the PDPA concerning security obligation violations and establishing an independent supervisory mechanism. Moreover, the competent regulatory authority is the Personal Data Protection Commission (PDPC) and it collaborates with the Ministry of Justice to enforce the PDPA.

The solution

Securiti enables organizations to comply with Taiwan’s PDPA through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Canada PIPEDA Compliance Solution

Securiti supports enterprises in their journey toward compliance with Taiwan’s PDPA through automation, enhanced data visibility, and identity linking.

See how Securiti helps you comply with various sections of Taiwan’s PDPA.


 

Automate Data Subject Access Request Handling

PDPA Articles: 3(1), 10, 13(Para 1),14

The automation of the processing and handling of secure data access requests will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the data access requests.

PIPEDA dsr portal
Taiwan

Secure Fulfillment of Data Access Requests

PDPA Articles: 3(1), 10,13(Para 1),14

Data is disclosed to data subjects through a secured and centralized point within a limited time frame. This allows organizations to respond to data access requests in a timely manner and provide data that can be readily retrieved.

Automate the Processing of Data Portability Requests

PDPA Articles: 3(2), 10, 13(Para 1), 14

Automate the generation and delivery of data portability requests within a limited time frame through a secure and centralized point.

PIPEDA data access request
PIPEDA data rectify request

Automate the Processing of Data Rectification Requests

PDPA Articles: 3(3), 11(Para 1,2 & 5),13(Para 2)

Fulfill data rectification requests seamlessly using automated data subject verification workflows across all appearances of a data subject’s personal data.

Automate Object and Opt-out Requests

PDPA Articles: 3(4), 11(Para 3 & 4), 13(Para 2)

Build a framework for objections and processing restrictions based on business requirements using collaborative workflows.

PIPEDA data erasure request
PIPEDA personal data monitoring tracking

Automate Erasure Requests

PDPA Articles: 3(5), 11(Para 2, 3 & 4), 13(Para 2), 

Fulfill data subjects’ personal data erasure requests swiftly through automated and flexible workflows.

Meet Cookie Compliance

PDPA Articles: 7,15(2), 19(5), 20(6) 16(7), 20(1), 6(6), 8, 9

Automatically scan the web properties within your organization and create cookie categories according to cookie properties and retention periods. Build customizable cookie consent banners according to the applicable jurisdictional cookie consent requirements.

PIPEDA people data graph
Taiwan

Monitor and Track Consent

PDPA Articles: 7,15(2), 19(5), 20(6) 16(7), 20(1), 6(6), 8, 9

Track and honor consent and consent revocation, as well as any changes to data subject’s preferences concerning the use of their personal data to prevent the transfer or processing of data without their consent.

Map Data Flows

PDPA Articles: 4, 21.

Track data flows in your organizations by having a centralized catalog of internal data process flows and flows for data transfer to service providers and other third parties. Moreover, maintaining updated records of data processing activities enables you to demonstrate compliance with the applicable legal requirements.

Taiwan
Taiwan

Manage Vendor Risk

PDPA Articles: 4 

Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.

Breach Response Notification

PDPA Articles: 12
ERPDPA Articles: 22

Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.

Taiwan
PIPEDA Vendor Risk Management

Implement Security Measures

PDPA Articles: 27, 48
ERPDPA Articles: 12

Securiti’s Data Intelligence modules enable you to identify gaps and risks particular to your data processing and implement appropriate security controls.

Key Rights Under Taiwan’s PDPA

Right to Access: Data subjects have the right to access their personal data held by an organization. They can review and request a copy of their personal data.

Right to Data Portability: Data subjects have the right to access and retain a copy of their personal data and reuse it for their own purposes. They can also transfer their data from one organization to another without hindrance.

Right to Correction: Data subjects have the right to correct or supplement their personal data held by an organization.

Right to Opt-Out/Object: Data subjects have the right to opt-out of or object to the processing of their personal data for direct marketing or new purposes.

Right to Erasure: Data subjects can request the data user to delete their personal data that is no longer required for the purpose for which it was initially collected or upon expiration of the relevant time period.

Facts Related to Taiwan PDPA

1

Taiwan’s Personal Data Protection Act (PDPA) took effect on May 26, 2010. Major amendments to the PDPA were made in 2015 and 2023.

2

The PDPA applies to both government agencies and non-government organizations handling personal data.

3

Data subjects in Taiwan have the right to seek compensation through civil actions for damages caused by breaches of the PDPA's provisions. 

4

Breach of Articles 6(1), 19, 20(1), or international transmission, may lead to a fine of NTD 50,000 to 500,000  and a rectification order within a limitation period. Moreover, a breach of Articles 8, 9, 10, 11, 12, 13, 20(2), 20(3) may lead to a fine of NTD 20,000 to 200,000  and a rectification order within a limitation period. Non-compliance with Article 27(1) (security and maintenance plan failures) may lead to a fine of NTD 20,000 to 2,000,000 or NTD 150,000 to 15,000,000 in case of a serious violation. There are additional fines for each occurrence if not rectified.

5

The PDPA also provides criminal penalties. Breach of Articles 6(1), 15, 16, 19, 20(1), or international transmission limits with intent to gain illegal interest or harm others may lead to imprisonment of up to 5 years and/or fines up to 1,000,000.  Additionally, alteration, deletion, or hindrance of personal data with intent to gain illegal interest or cause harm may lead to imprisonment of up to 5 years or short-term imprisonment and/or a fine of up to NTD 1,000,000.

6

Cross-border data transfers are generally permitted but may be restricted by central competent authorities under specific circumstances, such as inadequate protection in the destination country.

7

Under the PDPA, the appointment of a DPO is not mandatory. Organizations are free to choose whether to appoint one.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New