Taiwan E-Commerce: E-Commerce PDPA Compliance
Coming Soon
E-commerce-specific PDPA (個資法, Taiwan's Personal Data Protection Act) compliance — member consent at signup, cookie consent, order / payment data retention, DSAR (data subject access request) handling, and cross-border data transfer for TW merchants. Use when building a TW e-commerce signup / CRM flow, responding to member data requests, or auditing cookies. For generic PDPA / GDPR basics see `law-gdpr-pdpa`. STATUS: SKELETON — body pending.
Taiwan e-commerce skill: E-Commerce PDPA Compliance analysis and application.
When to use this skill
- Designing member signup consent for a TW store
- Building a cookie-consent banner for TW traffic
- Responding to DSAR (resident data subject access request)
- Designing data-retention policy for order / payment data
- Cross-border transfer (TW → AWS US / GCP APAC)
Do NOT use when
- Generic PDPA / GDPR concepts → `law-gdpr-pdpa`
- Marketing consent for LINE OA → `tw-ecom-operations-line-oa`
Core concepts
TODO: PDPA §5 specific-purpose principle, Article 8 notification obligation, collection vs processing vs use split.
Decision tree
TODO: data flow → consent form design.
Implementation guidance
TODO: consent form template, DSAR SOP, retention schedule, cross-border transfer assessment.
Gotchas
TODO: 5-6 pitfalls (opt-in vs opt-out confusion, third-party embed leakage, employee access logging, data-breach 72hr notification).
IRON LAW
TODO.
Output Format
TODO.
Related
- `law-gdpr-pdpa`
- `tw-ecom-operations-line-oa`
Last verified: 2026-04