Thailand’s Personal Data Protection Act (PDPA) is currently undergoing amendments even before its enactment, which was delayed due to COVID-19 and is now due May 27th 2021. The PDPA will be immediately added to.
PDPA laws are being updated as we speak, with full compliance and implementation for the additional requirements expected by June 1, 2021. So what does this mean for your business? Let’s discuss.
What businesses must know (and do) before the June 2021 deadline
In July 2020, the Thai government issued a Notification which will act as a stop-gap to ensure that all personal data is fully protected until the currently deferred PDPA provisions become effective in 2021 – when PDPA compliance will be mandatory for every business working with customers’ personal information.
Under this Notification, your designated Data Controller must implement the required security controls and measures immediately, including but not limited to technical, administrative and physical safeguards for protecting personal data and bringing staff awareness up to the required level.
The Notification outlines minimum standards for personal data security measures, covering technical, physical and administrative safeguards with regard to the access, use and control of personal data. These are referred to as “Measures”.
These Measures set out the following:
- Personal data access control and the equipment procured for collecting and processing all such personal data must consider its use, safety and security;
- Entities are now responsible for setting out the relevant criteria to be put in place in regards to authorization or rights for accessing personal data;
- User access management protocols should be in place to control personal data access by authorized personnel only;
- User responsibilities are to be clearly outlined to prevent unauthorized access to, disclosure or copying of, or knowledge of personal data, and theft of equipment used to process personal data;
- Any retroactive inspections around personal data access, erasures, alterations or transfers are to be arranged in accordance with the appropriate methods employed for collecting, using or disclosing personal data.
It should be noted that the above Measures outline only the base-level data security standards that the Notification sets out. In practice, the implementation of these data security measures may vary from company to company. However, those security standards must at the very least meet the base requirements above.
Additionally, your designated data processor or data controller under the PDPA’s Notification is now required to:
- Implement the Measures – that is, to create a data inventory and update or procure a new IT system for this purpose
- Notify all employees, staff members or relevant individuals of the Measures as per the Notification to raise awareness around how important personal data protection is, and to encourage compliance, verbatim.
If you have any questions or concerns about what these amendments enforceable by June 2021 mean, then please get in touch with data privacy and compliance experts.
At VinarcoPDPA, we are committed to helping businesses across all sectors abide by and implement the latest PDPA laws in Thailand in order to protect their users’ personal information and avoid any unnecessary fines.
Great PDPA compliance begins with knowledge and a proactive approach to guarding your customers’ private data, as well as your reputation.