Taiwan’s new Personal Data Protection Act (“PDPA”) has gone into effect as of October 1, 2012, while two controversial articles remain pending. Under this new law, all government, non-government sectors, and individuals will be subject to the PDPA. The definition “Personal Data” is also expanded to a broad scope. The impacts of new PDPA include: (1) all enterprises and individuals that collect, process or use Personal Data are subject to the PDPA; (2) statutory requirements and procedures must be followed when collecting, processing or using Personal Data; (3) proper safety measures must be taken when retaining Personal Data files; (4) failure to comply with the PDPA will be subject to civil liabilities (up to NT$200M), administrative penalties (up to NT$500,000), and criminal liabilities (up to 5 years and/or NT$1M). All enterprises and individuals are advised to take the necessary steps, including amending contracts with related parties and setting up relevant policies and rules in order to comply.