Given the short enforcement grace period, it is important that companies begin to review their activities related to personal data (e.g. data of customer, supplier, employee, billing and payment, etc.) and take the necessary steps to ensure that PDPA policies comply with all these requirements, by 27 May 2020.
- Data mapping to explain the collection, processing, dissemination and storage of your company information, including the definition of the legal basis for personal data collection and use
- Review of internal policies, agreements and practices regarding personal data
- Implementation of data management and operating systems
- Updating existing privacy records and producing relevant legal documentation
- Ensure that managers and personnel are fully trained in the PDPA criteria
- Conduct a gap assessment to evaluate existing enforcement rates
- A process in place to exercise the rights of individuals with regard to their personal data
And with significant penalties for non-compliance and less than a year to the deadline, companies managing Thailand’s data owners ‘ personal data should not wait to start compliance work.