🇹🇼 Taiwan
Informations
Extracts :
Extract :
No mention of the subject rignt related to Citizens outside their jurisdiction
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Persons within their jurisdiction
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the subject rignt related to Legal entities
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
No mention of the data controller's obligation/responsibility to Organizations located outside the jurisdiction processing regulated subjects data.
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
"For a natural/legal person in breach of Article 6(1), 19, 20 (1) of the PDPA or in breach of limitation on international transmission, the central competent authority may impose an administrative penalty in the amount between NTD 50,000 to 500,000 and order rectification within the limitations period.
For a natural/legal person in breach of Articles 8, 9, 10, 11, 12, 13, 20 (2), 20 (3), 27(1) of the PDPA or non-compliance of security maintenance plan of personal data profile, the central competent authority may impose an administrative penalty in an amount between NTD 20,000 to 200,000 and order rectification within the limitation period."
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"Article 21 of the PDPA, thereby causing damage to others the person shall be sentenced to imprisonment for no more than five years; in addition thereto, a fine of no more than TWD 1 million (approx. €31,770) may be imposed."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"The PDPA and the Enforcement Rules do not provide monetary penalties in the form of percentage of turnover."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"Article 21 of the PDPA, thereby causing damage to others the person shall be sentenced to imprisonment for no more than five years; in addition thereto, a fine of no more than TWD 1 million (approx. €31,770) may be imposed."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
Based on reference
2023
Reference :
Data Protection & Privacy 2023
Information on Taiwan data protection regulation | Chambers and Partners
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Data Protection & Privacy 2023
Information on Taiwan data protection regulation | Chambers and Partners
Link to reference Extracts :
Extract :
Data entered based on reference.
2023
Reference :
Data Protection & Privacy 2023
Information on Taiwan data protection regulation | Chambers and Partners
Link to reference Extracts :
Extract :
"This right is not spelled out in black and white under the PDPA; however, under the Taiwan legal system, a data subject may always lodge a complaint with the relevant competent authorities for any breach of the PDPA."
2023
Reference :
ICLG Website
Link to reference Extracts :
Extract :
"Article 21 of the PDPA, thereby causing damage to others the person shall be sentenced to imprisonment for no more than five years; in addition thereto, a fine of no more than TWD 1 million (approx. €31,770) may be imposed."
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The LPPD does not establish DPIA obligations."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TUR
Extracts :
Extract :
"The LPPD does not define pseudonymised data."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"In addition, the Decision states that, from the date following
the identification of persons affected by the data breach,
data subjects should be notified about the breach in the
shortest reasonable period of time. In particular, if the contact
address of the data subject can be reached, notification
should be made directly, or, in the case it cannot be reached,
notification should be made by appropriate methods, such
as the publication on the data controller's website."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"In cases where the processed personal data are unlawfully
collected by other persons, the data controller shall notify
the same to the data subject and the Board of the KVKK
within the shortest time. The Board of the KVKK may
publicise the breach, when necessary, on its own website
or by any other means that it deems appropriate"
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"The Decision outlines that if personal data held by the data processor is obtained by others by unlawful methods, the data processor shall notify the data controller without any delay."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The PDPA adopts the principle of proportionality in a couple of manners. In addition to Article 5 of the PDPA, with regard to the obligations to keep personal data safe, a company is free to adopt the relevant security measures based on the principle of proportionality. The Enforcement Rules illustrate certain technical and organisational measures that a government or non-government agency may consider adopting, and a company may choose to adopt all or some of them based on the quality and quantity of the personal data involved."
2022
Reference :
Taiwan Data protection overview | DataGuidance
Updated DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extracts :
Extract :
"8.7. Right not to be subject to automated decision-making
Not applicable."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
When collecting personal data, a non-government agency shall notify the data subjects of the following
matters:
• the identity of the non-government agency that is collecting the data;
• the purpose(s) for which the personal data is collected;
• the type of personal data to be collected;
• the term, place, and method of use and the person(s) who may use the personal data;
• the data subject's rights under the PDPA and the manner to exercise such rights; and
• the consequences of the data subject's failure to provide the required personal data."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.1. Right to be informed
When collecting personal data, a non-government agency shall notify the data subjects of the following
matters:
• the identity of the non-government agency that is collecting the data;
• the purpose(s) for which the personal data is collected;
• the type of personal data to be collected;
• the term, place, and method of use and the person(s) who may use the personal data;
• the data subject's rights under the PDPA and the manner to exercise such rights; and
• the consequences of the data subject's failure to provide the required personal data."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"A data subject has the right to access his or her personal data to check and review them and have a
copy of the data."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.3. Right to rectification
A data subject has the right to correct or supplement his or her personal data. A government or nongovernment
agency must cease the processing or use of personal data if there is any dispute over the
accuracy of the personal data, unless:
• the processing or use is necessary for the performance of a government agency’s statutory duties
or a non-government agency’s business operation; or
• the data subject has given written consent and the dispute has been recorded."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
"8.4. Right to erasure
Article 3 of the PDPA explicitly states that a data subject's right to request a government or nongovernment
agency to delete his/her personal data shall not be waived in advance. However, whether
the right to erasure (the right to be forgotten) indeed exists under the PDPA is still subject to debate in
Taiwan. The recent Taiwan Supreme Court decision on the Google case seems to suggest that under the
PDPA, the right to erasure shall exist to certain extent. The Google case is not finalised, though. Please
see section 1.3 above,."
2021
Reference :
Taiwan Data protection overview | DataGuidance
(Data Protection Overview 2021)/ DataGuidance reports
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2022
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
International Data transfer Agreements | DataGuidance
Comparison of international data transfer agreements
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The LPPD does not establish DPIA obligations."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"There is no requirement for a data controller or their
representative to appoint a DPO under the LPPD. The
Regulation, however, provides that data controllers
residing in Turkey should provide details of a contact
person when registering with VERBIS, and that data
controllers located abroad should provide details of
their representative (see section 4.2. of this Guide)."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"There is no requirement for a data controller or their
representative to appoint a DPO under the LPPD. The
Regulation, however, provides that data controllers
residing in Turkey should provide details of a contact
person when registering with VERBIS, and that data
controllers located abroad should provide details of
their representative (see section 4.2. of this Guide)."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
"There is no requirement for a data controller or their
representative to appoint a DPO under the LPPD. The
Regulation, however, provides that data controllers
residing in Turkey should provide details of a contact
person when registering with VERBIS, and that data
controllers located abroad should provide details of
their representative (see section 4.2. of this Guide)."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extracts :
Extract :
"Under the LPPD, there are no exemptions to the
obligation to notify unlawful collection of personal data
to the Board of the KVKK and the data subject."
2021
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extract :
Extracts :
Extract :
Extracts :
Extract :
Data entered based on reference.
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference Extracts :
Extract :
"The following categories of data controllers are exempt from having to register with the VERBİS:
!"data controllers employing less than 50 employees and with an annual balance less than TRY 25 million (approx. €2.4 million) (unless the data controller's main business activity is processing special categories of personal data);
!"data controllers processing personal data through non-automatic means, provided the processing is part of a data filing system; ...... "
2022
Reference :
GDPR vs countries' comparison | DataGuidance
Comparison of GDPR vs countries' data protection laws, definitions etc. - TWN
Extracts :
Extract :
Data entered based on reference.
2021
Reference :
Global Data Security Handbook
BakerMckenzie
Link to reference | Name | Short name | Classification | Jurisdiction | Year of creation |
|---|---|---|---|---|
| Personal Data Protection Office | Regulator | Under the government authority | 2018 |
| Legal text name | Original text name | Legislation type | Year signed | Regulation status | In effect since | Latest update initiated | Latest update areas | Latest update signed year |
|---|