Taiwan: Moves Forward with New Data Protection Reforms

Written By Jerry Sin

Taiwan’s Executive Yuan approved two major proposals to improve how the country protects personal data. These changes include the creation of a new government agency and updates to existing privacy laws, which announced on 27 March 2025.

What’s Changing?

New Data Protection Commission:
A new agency called the Personal Information Protection Commission (PIPC) will be set up. This agency will oversee how personal data is handled in Taiwan. The government has outlined its purpose, structure, and responsibilities.

Updated Privacy Laws:
Taiwan’s existing Personal Data Protection Act (PDPA) is getting several important updates. These include:

  • A new authority to lead and coordinate privacy policies.

  • Requirements for public and private organizations to take action and report when data leaks or privacy incidents happen.

  • Government agencies must appoint dedicated officers to oversee data protection.

  • Rules for how personal data should be stored and protected will be strengthened.

  • New powers for the government to inspect how organizations handle data.

  • Clearer rules on how organizations should respond to data breaches.

  • Penalties for companies that don’t follow the rules.

  • Individuals will have the right to challenge penalties directly in court.

What’s Next?

These proposals will now be reviewed by Taiwan’s Legislative Yuan (the country's lawmaking body) before becoming official laws.

The official documents are only available in Chinese - here

Jerry Sin
Next

How to Protect Against Cyberattacks That Overload Websites