PDPA Compliance Training & Advisory Services

PDPA of Thailand

Similar to the GDPR, the intention of the PDPA is to protect data owners (i.e., data subjects under the GDPR) in Thailand from the unauthorized or unlawful collection, use, or disclosure and processing of their personal data.

Thailand’s Personal Data Protection Act (PDPA) was finally approved in February 2019 by the Thai National Legislative Assembly, after several legislative attempts. The PDPA was published in the Royal Thai Government Gazette following the passage of the bill, and came into effect on May 28, 2019. Organizations now have one year to fully comply with their policies by May 27th 2020.

PREPARING FOR COMPLIANCE

Given the short enforcement grace period, it is important that companies begin to review their activities related to personal data (e.g. data of customer, supplier, employee, billing and payment, etc.) and take the necessary steps to ensure that PDPA policies comply with all these requirements, by 27 May 2020.

  • Data mapping to explain the collection, processing, dissemination and storage of your company information, including the definition of the legal basis for personal data collection and use
  • Review of internal policies, agreements and practices regarding personal data
  • Implementation of data management and operating systems
  • Updating existing privacy records and producing relevant legal documentation
  • Ensure that managers and personnel are fully trained in the PDPA criteria
  • Conduct a gap assessment to evaluate existing enforcement rates
  • A process in place to exercise the rights of individuals with regard to their personal data

And with significant penalties for non-compliance and less than a year to the deadline, companies managing Thailand’s data owners ‘ personal data should not wait to start compliance work.

PDPA Gap Assessment

PDPA Data Flow Audit

PDPA Data Protection Impact Assessment

PDPA CONTRACT & LEGAL SERVICES

PDPA DATA BREACH SUPPORT SERVICE

DPO AS A SERVICE (PDPA)