What is PDPA? Why do all businesses need to focus on PDPA?

What is PDPA?

PDPA stands for Personal Data Protection Act B.E. 2562 (2019). The Act was announced on 27 May 2019 after being postponed for many years, and it has officially been enforced since 1 June 2021.


The PDPA Committee of the Ministry of Digital Economy and Society is the supervisory authority for the PDPA.


The PDPA aims to protect personal data from being used without the owner of the data being notified or informed, and/or without the owner's consent. The core of the Act focuses on businesses, organisations, units and juristic persons, which require “standard” and proper data management to protect personal data from being misused or causing damage to a person or organization. Each organization is therefore required to apply this law to protect against data breaches, create accountability and gain the trust of its customers.

Why is PDPA important?

PDPA enforcement starts with a preparation stage in which businesses follow the conditions in the PDPA and design and develop policies to protect the personal data of clients, partners and organizations, in line with their business operation models. Advice at this stage covers the following issues:

  • Assess the law and legal conditions compared to the current operations and policies of the organization
  • Assess security and safety conditions compared to IT management of the organization.
  • Organize personal data in Data Inventory Mapping (DIM).
  • Publish Personal Data Flow Diagram.
  • Give advice for the cases that clients request for their
  • Give advice and provide sample documents or manuals to operate according to the PDPA including:
    • Privacy Policy
    • Consent Form from data’s owner
    • Personal Data Disposal Policy
    • Personal Data Classification Procedure
    • Third Parties / Cross Border Data Transfer Policy
    • Consent Management Procedure
    • Personal Data Breach Management Procedure
  • Provide Data Subject Request Procedure
  • Provide Data Protection Impact Assessment and Risk Assessment Methodology
  • Provide Awareness Training on PDPA and IT safety.


Which Sectors are related to PDPA enforcement?

Most business sectors still think that the PDPA relates only to IT. However, the PDPA matters beyond IT: it must be implemented in every organizational unit that collects personal data. Organizations shall involve all relevant stakeholders to properly enforce the law. The parts of an organisation affected by the PDPA are:

  • HR or Human Resources
  • Training Department
  • Procurement
  • Operation
  • Marketing & Sales

PDPA Penalties

If an organization does not handle requests and operations in accordance with personal data rights, or if a business does not follow the PDPA and causes a personal data breach, the penalties fall into three categories: civil penalties, criminal penalties and administrative penalties. In general, the penalties under the PDPA are listed below:

  • Maximum Fine of 5 Million Baht
  • Maximum Prison Sentence of 1 Year
  • Actual damages, including punitive compensation of up to two times the actual damages
  • If the offender is a juristic person, liability may also fall on the director or responsible person(s) of the juristic person.


How to manage “Personal Data”?

Given the details above, it is important that all businesses are prepared to follow the standard of the PDPA correctly and strictly. True Business is here for you with many services from True Group, led by True Digital Cyber Security. Our consulting teams and experts can give advice on personal data management and all issues related to the PDPA 2019 through our PDPA Consulting Service. Our legal consultants and lawyers on PDPA data privacy and cyber law can help review and prepare documents according to the PDPA. Our PDPA Consulting can assist businesses in managing and improving the operations and software that relate to personal data protection. Our team is able to provide advice to any organisation that needs to correctly follow the requirements of the PDPA 2019.

We provide an all-in-one solution including policy making and organizational management on all relevant systems, such as Cookies Consent, Consent Management, Data Security or Data Breach Protection, etc. The advice also includes awareness training for organisational staff on relevant laws, so that they can protect and store personal data correctly and effectively. Throughout our service term, our team is available to assist with any questions regarding the PDPA. For more information, please contact us at 1239.

More information on the Personal Data Protection Act 2019 (latest revision) is available in the Royal Thai Government Gazette at http://www.ratchakitcha.soc.go.th/DATA/PDF/2562/A/069/T_0052.PDF