Are you ready for PDPA

Attention all companies located in Thailand – it’s time to get serious about becoming PDPA compliant.

Thailand’s Personal Data Protection Act BE 2562 (PDPA) will go into effect on June 1st of this year. It is Thailand’s major attempt at protecting IT data within the country, and the demand is for all businesses located in Thailand (as well as any company which collects/processes personal data of Thai citizens’ activities within Thailand) to comply with the regulations. PDPA concerns the collection, use, and disclosure of personal data that is collected by data controllers and processed by data processors.

If you have a company in Thailand, you should already know about this situation, but consider this blog post as a final call to action. If you are not already making preparations to become PDPA compliant, you will most likely miss the deadline.

A quick history of the PDPA act: it is the very first consolidated law in Thailand to govern and regulate data protection in Thailand. Originally, it was published on May 27^th, 2019 and was scheduled to go into effect in May of 2020. However, a one-year exemption was granted by the Thai Cabinet.

The Thai government knows that data protection is a major issue worldwide, and they don’t want to be left behind, thereby remaining vulnerable to cyber attacks. Therefore, it is very important for all Thai businesses to be PDPA-compliant.

Don’t wait for other companies to make the first move; make sure you know all the steps you must take to become compliant by the June 1^st deadline. It is not only important for the protection of your customers’ personal data, but it is also important to avoid penalties that will come in the form of steep fines issued by the government and even imprisonment if the offense is deemed a criminal liability.

Some steps in the process to keep in mind:

• Are you a data processor or a data controller? The two roles differ in that a data controller is more accountable to the data subjects, whereas a data processor only needs to confirm that they are within the parameters already set by the data controller. It is also important to check your partners’ roles as well (i.e., vendors, suppliers, clients, service providers, etc.)
• Have you evaluated your current data flow? This includes gaining consent from the data controller, determining risks and probability of data loss, and assessing what types of data are collected as well as how the different types of data are collected.
• Have you planned out how you will train your staff and employees, informing them of relevant policies and teaching them how to make day-to-day decisions that are PDPA compliant? This includes regular monitoring and auditing of your data process conduct, as well as knowing the right strategy for policy alignment when expanding your business or acquiring other businesses.

There is far more to consider than just those questions and steps, but those are some of the most important. If you need more information about PDPA compliancy, we at Movaci recommend going to this site here.

You can also contact us at [email protected] if you are in need of our services to become PDPA compliant.