|
Article 18
|
Government agencies shall appoint a Personal Data Protection Officer, designated by the head of the agency from among suitable personnel to serve concurrently with their original position. Adequate personnel and resources shall be allocated to this officer, who shall be responsible for coordinating, promoting, supervising, and evaluating matters related to personal data protection within the agency, its subordinate agencies, and agencies under its supervision.<br/>Government agencies shall designate personnel to handle the security and maintenance of personal data files, preventing the theft, alteration, damage, loss, or leakage of personal data. The regulations on the security and maintenance, management mechanisms, measures to be taken, and other related matters concerning personal data files shall be prescribed by the competent authority.<br/>Government agencies shall not impose unfavorable disciplinary actions or take management measures against personnel for lawfully performing personal data protection duties.<br/>The competent authority shall properly plan and implement competency training for the personnel referred to under Paragraphs 1 and 2 to enhance their professional knowledge and skills in personal data protection.<br/>The regulations on the duties, competency requirements, training, and other relevant matters for the personnel referred to under Paragraphs 1 and 2 shall be prescribed by the competent authority.
|