PDPA stands for Personal Data Protection Act B.E. 2562 (2019), announced in the Act on 27 May 2019 after being postponed for many years and has now officially been enforced since 1 June 2021.
PDPA will have the PDPA Committee of the Ministry of Digital Economy and Society as the supervisory authority of this PDPA.
This PDPA aims to protect personal data not to be used without being notified or informed, and/or receiving consent from the owner of such data. The core point of this Act focuses on businesses, organisations and units or juristic persons that require “Standard” and proper data management to protect personal data from being used negatively or causing any damage in person or organization. Each organization is then required to apply this law to protect data breach to create accountability and gain trust from the customers.
Why is PDPA important?
The PDPA enforcement starts with a preparation stage for businesses to follow the conditions in the PDPA, design and develop policy to protect personal data of the clients, partners and organizations to be in line with the business operation models by providing advices covering the following issues:
Which Sectors are related to PDPA enforcement?
Most business sectors still think that this PDPA issue relates only to IT but PDPA is not only important to the IT aspects but also required to be implemented in all organizational units that require personal data collection. Organizations shall involve all relevant stakeholders to properly enforce the law. The affected organisations from this PDPA are:
PDPA Penalties
If the organizations do not follow the requests and operations according to personal data right, or if the business does not follow PDPA and causes personal data breach, the penalties are listed in three ways; Civil Penalties, Criminal Penalties and Administrative Penalties. In general, the penalties under PDPA are listed below:
How to manage “Personal Data”?
From the preliminary details, it is important that all businesses shall be prepared to correctly and strictly follow the standard of the PDPA. True Business is here for you with many services from True Group led by True Digital Cyber Security. Our consulting teams and experts can give advice on Personal Data Management and all issues related to this PDPA 2019 or called PDPA Consulting Service. Our legal consultants and lawyers on Data Privacy of PDPA and Cyber Law can help review and prepare documents according to the PDPA. Our PDPA Consulting can assist the businesses to manage and improve the operations and softwares that relate to personal data protection. Our team is able to provide advice to any organisations that need to correctly follow the requirements of the PDPA 2019. We provide all in one solution including policy making and organizational management on all relevant systems such as Cookies Consent, Consent Management, Data Security or Data Breach Protection, etc. The advice also includes awareness training to organisational staff on relevant laws to be able to protect and store personal data correctly and effectively. Throughout our service term, our team is available to assist on any questions regarding the PDPA. For more information, please contact us at 1239.
More information of Personal Data Protection Act 2019 (latest revision) in the Royal Thai Government Gazzete in http://www.ratchakitcha.soc.go.th/DATA/PDF/2562/A/069/T_0052.PDF