EN
©2001-2026 Atumi & Sakai
I. Introduction
Taiwan’s Personal Data Protection Act (hereinafter the “PDPA”) was amended and promulgated by the President on November 11, 2025 (effective date to be determined), marking the most significant structural revision to Taiwan’s personal data protection framework in recent years. Please also refer to our firm’s prior newsletter, “Introduction to Taiwan’s Personal Data Protection Act (English Version).”
The focus of this amendment is to vest the Personal Data Protection Commission (hereinafter the “Commission”), as the competent authority under the PDPA, with the necessary supervisory and enforcement powers in conjunction with its establishment. The amendment restructures the supervisory framework for government agencies and private entities, including the explicit stipulation of notification and reporting obligations upon the occurrence of personal data incidents. It also strengthens the administrative inspection regime and adjusts the corresponding penalties, while retaining transitional flexibility regarding the transfer of supervisory authority during the six-year transition period following the establishment of the Commission, so as to accommodate practical needs.
This article outlines the key points of the amendments and further analyzes the potential impact of the new law on government agencies and private entities, providing a reference for enterprises to formulate compliance systems and risk management strategies under the newly amended PDPA.
Please click here for the full newsletter.
【Contents】
II. Competent Authority under the PDPA and Empowerment
III. Notification Obligations, Reporting Obligations, and Response Measures for Personal Data Incidents IV. Transfer of Supervisory Authority over Private Entities and Transitional Arrangements V. Reform of the Administrative Remedies System
VI. Government Agency Supervisory System
VII. Conclusion
【Related Links】
Newsletter
JPN: 「2025年台湾個人情報保護法改正要点」:台湾プラクティスチーム
TW: 「2025年台灣個人資料保護法修法重點」(繁体中文版)