This article introduces the primary legislation governing personal data protection and cybersecurity in Taiwan: The Computer-Processed Personal Data Protection Act was enacted in 1995, which initially regulated the computer processing of personal data by governmental and non-governmental entities. However, the act was renamed as the Personal Data Protection Act in 2010, which became effective on 1 October 2012. This act now applies to all entities, irrespective of whether they are government or non-governmental entities, foreign or domestic, that collect, process or use personal data within Taiwan. Furthermore, the act specifies specific circumstances in which personal data can be disclosed and limits the use of such data to the purpose for which it was collected. The Taiwanese government has also promulgated additional regulations to interpret and implement the act. The Cyber Security Management Act serves as a standard for cybersecurity plans, and the National Communications Commission provides regulations for the security of personal data in the telecommunications industry. The Communication Security and Surveillance Act defines the scope of government surveillance powers and the procedural requirements.