John Eastwood, Nathan Snyder, Wendy Chu, David Rosenthal and Lloyd G. Roberts III of Eiger write:
1. GOVERNING TEXTS
In Taiwan, there are two main branches of legislation pertaining to information security: legislation on cybersecurity and legislation protecting personal data. While the information security aspects of personal data protection legislation (mainly the PDPA) only apply to collection, storage and processing of personal data, the requirements of the cybersecurity legislation (mainly the CSMA) apply depending on the status of the juristic person controlling the data. Certain sector-specific regulations apply more broadly, such as those governing the financial sector.
Read their overview on Lexology.