In response to the amendments to the Personal Data Protection Act (PDPA) promulgated on 30 December 2015 and effective from 15 March 2016, the Financial Supervisory Commission (FSC) amended the Regulations Governing Security Measures of the Personal Information File for Non-government Agencies Designated by the Financial Supervisory Commission (Regulations) on 5 May 2016. The main points of the amendments are as follows:
- To accommodate the amended PDPA that "special personal data" could be collected, processed or used by the data collector after it has obtained the "written consent" of the data subject, the FSC amended the latter part of Subparagraph 1 of Article 8 of the Regulations. The amendment provides that the data collector shall implement the personal data control procedures to ensure the written consent which it has obtained in respect of the special personal data complies with the relevant "consent" provisions under Paragraphs 1, 2 and 4 of Article 7 of the PDPA, which are applicable mutatis mutandis pursuant to Paragraph 2 of Article 6 of the same Act.
- To accommodate the amended PDPA that (1) the "written consent" for collecting, processing and using "general personal data" has been replaced with the term of "consent" without necessity of obtaining a written consent and (2) added the provisions of "deemed consent" and "data collector's burden to prove the fact that consent of the data subject has been given", the FSC slightly amended the relevant wordings of Subparagraphs 3 and 4 of Article 8 of the Regulations.