Section 42

The data protection officer shall have the following duties:

(1)give advices to the Data Controller or the Data Processor, including the

employees or service providers of the Data Controller or of the Data Processor with respect to
compliance with this Act;

(2)investigate the performance of the Data Controller or the Data Processor, including the

employees or service providers of the Data Controller or of the Data Processor with respect
to the collection, use, or disclosure of the Personal Data for compliance with this Act;

(3)coordinate and cooperate with the Office in the circumstance where there are problems

with respect to the collection, use, or disclosure of the Personal Data undertaken by
the Data Controller or the Data Processor, including the employees or service providers
of the Data Controller or of the Data Processor with respect to the compliance with this Act;

(4)keep confidentiality of the Personal Data known or acquired in the course of

his or her performance of duty under this Act.

The Data Controller or the Data Processor shall support the data protection

officer in performing the tasks by providing adequate tools or equipment as
well as facilitate the access to the Personal Data in order to perform the duties.

The Data Controller or the Data Processor shall not dismiss or terminate the

data protection officer’s employment by the reason that the data protection
officer performs his or her duties under this Act. In the event that there is
any problem when performing the duties, the data protection officer must be
able to directly report to the chief executive of the Data Controller or the Data Processor.

The data protection officer may be able to perform other duties or tasks but the

Data Controller or the Data Processor must warrant to the Office that such duties
or tasks are not against or contrary to the performance of the duties under this Act.