Newsletter
MOEA plans to extend its data protection regulations for general merchandise retailers to other retailers
MOEA plans to extend its data protection regulations for general merchandise retailers to other retailers
Ken-Ying Tseng / Sam Huang
On August 13, 2024, the Ministry of Economic Affairs (“MOEA”) announced draft amendments (“Draft Amendments”) to the Regulations Governing the Personal Data Files Security Maintenance Plan for General Merchandise Retailers (“GMR Data Regulations”).
The Draft Amendments extend the GMR Data Regulations’ application scope to all other retailers engaging in (a) brick-and-mortar store retailing or (b) both brick-and-mortar store retailing and online retailing, except for those under the supervision of other central authorities (such as traditional Chinese medicine, drugs, medical devices, or cosmetics retailers and multi-level marketing enterprises).
In addition to general merchandise retailers (such as department stores, hypermarkets, supermarkets, and convenience stores), other retailers under the MOEA’s charge (including, but not limited to, those dealing in apparel, household utensils/supplies, cultural/educational/recreational supplies, information and communication equipment, appliances, automobile and motorcycle parts/components) who meet the following criteria must establish a security maintenance plan for personal data files (“Security Maintenance Plan”) within six months of the Draft Amendments taking effect to prevent personal data from being stolen, altered, damaged, destroyed, lost, or leaked:
1. Having completed its corporate, limited partnership, or business registration, with a capital of NT$10 million or more, and recruiting members or collecting personal data from trading parties; or
2. Having been designated by the MOEA.
The Draft Amendments further require that applicable retailers using IT systems to collect, process, or use personal data adopt enhanced information security measures. According to the Administration of Commerce, MOEA, the Draft Amendments are anticipated to be promulgated and take effect by the end of 2024. It is advisable for retailers under the MOEA’s supervision to assess in advance whether their current security measures are adequate and conform to the Draft Amendments.
Lee and Li’s Digital, TMT, and Data Privacy Practice Group has extensive experience in assisting companies with the stipulation and implementation of their Security Maintenance Plans. Please do not hesitate to contact the practice group if you are interested in the relevant services.