Law: The Personal Data Protection Act 2010 (as amended in 2015) ('PDPA')
Regulator: The National Development Council ('NDC')
Summary: Data protection in Taiwan is governed by the PDPA and the Enforcement Rules of the Personal Data Protection Act. Although the NDC is the lead regulator when it comes to interpreting the PDPA, the PDPA is enforced by the competent regulators that supervise each industry. Of these regulators, the Financial Supervisory Commission is the most active. On June 2, 2023, amendments to the PDPA entered into effect. The amendments update Article 48 of the PDPA in regard to violations of security obligations and establish an independent supervision mechanism. The NDC confirmed that the Executive Yuan will promptly establish a preparatory office for the Personal Data Protection Commission.