Newsletter
MOEA plans to extend its data protection regulations for general merchandise retailers to other retailers
On August 13, 2024, the Ministry of Economic Affairs (“MOEA”) announced draft amendments (“Draft Amendments”) to the Regulations Governing the Personal Data Files Security Maintenance Plan for General Merchandise Retailers (“GMR Data Regulations”).
The Draft Amendments extend the GMR Data Regulations’ application scope to all other retailers engaging in (a) brick-and-mortar store retailing or (b) both brick-and-mortar store retailing and online retailing, except for those under the supervision of other central authorities (such as traditional Chinese medicine, drugs, medical devices, or cosmetics retailers and multi-level marketing enterprises).
In addition to general merchandise retailers, other retailers under the MOEA’s charge who meet the following criteria must establish a security maintenance plan for personal data files within six months of the Draft Amendments taking effect to prevent personal data from being stolen, altered, damaged, destroyed, lost, or leaked:
1. Having completed its corporate, limited partnership, or business registration, with a capital of NT$10 million or more, and recruiting members or collecting personal data from trading parties; or
2. Having been designated by the MOEA.
The Draft Amendments further require that applicable retailers using IT systems to collect, process, or use personal data adopt enhanced security measures. It is advisable for retailers under the MOEA’s supervision to assess in advance whether their current security measures are adequate and conform to the Draft Amendments.