2018 GDPR Summit Taiwan
Personal information protection is a global issue. The EU has implemented the General Data Protection Regulation (GDPR), which covers any individual or corporation that owns, controls, or processes personal information of EU residents, such as B&B or restaurants hosting EU travelers or EU employees in organizations or enterprises. Even if Taiwanese enterprises do not have a physical presence in the EU, they still need to make sure that the process of obtaining and processing personal information of EU residents, such as the location of a web browser and the history of web browsing, is in compliance with the GDPR.
According to the GDPR, in addition to name, ID or passport number, address, and telephone number, enterprises are not allowed to use or process sensitive information that can directly or indirectly identify an individual without the individual’s authorization. Such sensitive information, including ethnicity, political beliefs, religious beliefs, union membership, health condition, sexual orientation, genetic data, and biometrics, is protected by the GDPR. If any leakage of personal information is not reported to the authority in charge of information protection within 72 hours, a fine of up to EUR20 million (approx. NT$720 million) or 4% of annual global revenue, whichever is higher, may be imposed depending on the severity of the violation of the GDPR. The top three industries in Taiwan that the GDPR Regulation affect the most are the banking, e-commerce, and airline sectors.
Whether Taiwan’s Personal Information Protection Act should be amended and whether standards should be raised are currently under discussion. Scholars have indicated that Taiwan’s Personal Information Protection Act could supersede the GDPR Regulation in terms of severity; however, no government agency has been set up to deal specifically with personal information related issues. ECORYS, European Commission think tanks, Cisco and HTC have been invited to share their expertise and experience at the seminar to help Taiwan enterprises discover potential business opportunities resulting from the GDPR Regulation .