The Small and Medium Enterprise and Startup Administration (SMESA) of the Ministry of Economic Affairs has long collaborated with the management consulting industry to promote the upgrading and transformation of micro, small, and medium enterprises (MSMEs) and to enhance their personal data protection capabilities. To further assist management consulting businesses in adapting to the new regulations of the Personal Data Protection Act (PDPA) and meeting client demands for personal data protection, SMESA compiled the "Practical Guideline Manual for Personal Data Protection and Management in the Management Consulting Industry" last year and published it on its website. To date, it has garnered over 40,000 views and downloads. In the afternoon, May 27th, SMESA held the "Management Consulting Industry Personal Data Protection Advocacy Briefing," featuring opening remarks by Director General Lee. Experts were invited to explain the new PDPA regulations and the practical guidelines for personal data protection and management. Combined with practical case analyses, the briefing aimed to help management consulting businesses quickly grasp the key points of personal data protection and cybersecurity, thereby elevating their awareness and capabilities in personal data management.
SMESA explained that in the process of assisting MSMEs with their transformation, the management consulting industry frequently handles cross-industry and cross-disciplinary client operational data, encompassing diverse fields such as marketing, finance, sustainable development, international certification, and human resources. Furthermore, the necessity of utilizing tools like big data analysis and artificial intelligence to expand business scope has correspondingly increased both the volume and risk of personal data processing. The aforementioned guideline manual was compiled by SMESA based on practical experience in guiding businesses. Its content covers various practical scenarios applicable to both large consulting firms and small-to-medium consulting companies, helping businesses establish compliant systems. By organizing these advocacy briefings, SMESA hopes to encourage more businesses to effectively implement client personal data protection measures.
The briefing invited personal data protection experts from the Science and Technology Law Institute (STLI) of the Institute for Information Industry and KPMG Advisory Services Co., Ltd. to share insights on the new PDPA regulations, key points of administrative inspections, and the practicalities of filling out the self-assessment checklist. Combined with the analysis of management consulting industry cases, this helped businesses grasp the essentials of establishing a personal data protection system. Nearly 50 representatives from the management consulting industry attended the event, demonstrating the industry's significant focus on client personal data protection issues. SMESA also plans to hold subsequent briefings in Taichung and Kaohsiung in the near future to assist more management consulting businesses in implementing personal data protection tasks. The electronic version of the "Practical Guideline Manual for Personal Data Protection and Management in the Management Consulting Industry" has been made publicly available on the SMESA website (https://www.sme.gov.tw/list-tw-2946). Businesses and enterprises intending to strengthen their personal data protection management are welcome to download and utilize it extensively. SMESA will work hand in hand with the industry to jointly create a trustworthy industrial environment and safeguard the personal data security of corporate clients.