| name | tw-ecom-compliance-pdpa |
| description | E-commerce-specific PDPA (個資法) compliance — member consent at signup, cookie consent, order / payment data retention, DSAR (data subject access request) handling, and cross-border data transfer for TW merchants. Use when building a TW e-commerce signup / CRM flow, responding to member data requests, or auditing cookies. For generic PDPA / GDPR basics see `law-gdpr-pdpa`. STATUS: SKELETON — body pending. |
| metadata | {"category":"WP-05 台灣創業","domain":"ecommerce-tw","layer":"compliance","related_mcps":[],"related_skills":["law-gdpr-pdpa","tw-ecom-compliance-consumer","tw-ecom-operations-line-oa"],"last_verified":"2026-04","status":"skeleton","tags":["taiwan","compliance","pdpa","privacy"]} |
E-Commerce PDPA Compliance
STATUS: SKELETON — body pending.
When to use this skill
- Designing member signup consent for a TW store
- Building cookie-consent banner for TW traffic
- Responding to DSAR (resident data subject access request)
- Designing data-retention policy for order / payment data
- Cross-border transfer (TW → AWS US / GCP APAC)
Do NOT use when
- Generic PDPA / GDPR concepts →
law-gdpr-pdpa
- Marketing consent for LINE OA →
tw-ecom-operations-line-oa
Core concepts
TODO: 個資法 §5 specific-purpose principle, 第八條 告知義務, 蒐集 vs 處理 vs 利用 split.
Decision tree
TODO: data flow → consent form design.
Implementation guidance
TODO: consent form template, DSAR SOP, retention schedule, cross-border transfer assessment.
Gotchas
TODO: 5-6 pitfalls (opt-in vs opt-out confusion, third-party embed leakage, employee access logging, data-breach 72hr notification).
IRON LAW
TODO.
Output Format
TODO.
Related
law-gdpr-pdpa
tw-ecom-operations-line-oa
Last verified: 2026-04