Taiwan Withdraws Proposal Requiring Private Sector Entities to Appoint a Data Protection Officer

In January, Taiwan���s personal data protection regulator, the Preparatory Office of the Personal Data Protection Committee (���PDPC���) introduced initial draft amendments to Taiwan���s primary personal data protection legislation, the Personal Data Protection Act (���PDPA���), outlining various new personal data protection obligations for both the public and private sectors.

During the public consultation process, significant objections were raised regarding the proposed requirement for non-governmental entities meeting certain thresholds to designate a data protection officer (���DPO���) responsible for managing and overseeing personal data protection matters in the non-governmental entities. In response, the Preparatory Office of the PDPC revised its initial proposal, and the final draft amendments no longer impose this requirement on non-governmental entities. In addition, the final draft amendments to the PDPA remove the specific definition of a ���significant data breach��� that would trigger mandatory reporting to the PDPC. Instead, they authorize the PDPC to establish, through future regulations, the definition and threshold for reportable data breaches.

Taiwan���s Executive Yuan (the ���Cabinet���) approved the draft amendments in late March. The amendments will now be submitted to Taiwan���s Legislative Yuan (the ���Congress���) for further review and approval.

Contact

This publication is intended to highlight selected legal developments and not to be comprehensive nor to provide legal advice. If you have any questions on issues reported here or if you have any issues you would like to see covered in future editions, please contact the editors: Robert C. Lee, at +886-2-8725-6601, rclee@yangminglaw.com Dannie Liu, at +886-2-8725-6605, dannieliu@yangminglaw.com If you are interested in subscribing to any of our newsletters, please click here.