Implementation of internal controls and staff education & training

New hires are given courses relating to confidential information and personal data protection.The Company also held a total of five GDPR Training Lessons in September and October of 2017, with 150 people participating; In December of the same year, we also organized 1 session on “Understanding the Personal Information Protection Act,” with 85 people in attendance.In March 2018, all units within the Group worldwide were informed that any collection, processing, or use of the personal information of EU residents for business purposes must be in compliance with the GDPR, and that in addition to the protection of personal data being incorporated as a consideration during the design phase of products or services, the provision of said products or services must also strictly adhere to legal requirements. Following legal affairs units, any units that collect, process, or use personal information from EU residents must require any staff involved with the protection of personal information to sign a Personal Information Management Assignment Letter, ensuring all staff are in compliance with relevant legislation.In 2018, the Company undertook registration and inventory of personal information protection management in the Taiwan Region, along with regular audits thereof.