Achieving PDPA Compliance: Why a Gap Analysis and Remediation Report is Key


Achieving Thailand PDPA compliance is no small matter for any company or educational establishment, but the way you go about it can be the difference between success and failure. With the right management tools at your disposal, it can be achievable.

A PDPA gap analysis shows your current compliance status compared to where you should be. It helps you close gaps. It’s useful to do at any stage, whether you’re just starting to achieve PDPA compliance or have been tackling it from the outset and stalled.

There are several ways to go about a PDPA gap analysis, but where do you start? This article looks at areas covered by an analysis and what tools you can use to perform one. Let’s start with the first step of a PDPA compliance checklist.



Limitation Principles



For collection, storage and use, the PDPA has the following principles.

(a)   Purpose limitation.  The Controller cannot collect, use or disclose personal data for any other purpose than the initial purpose as consented to by the data subject.


(b)   Proportionality.  The Controller cannot collect, use or disclose more personal data than is necessary to achieve the intended purpose.


(c)   Collection limitation. Data controllers and processors may only collect personal data directly from the data subject, subject to limited exceptions.


(d)   Retention limitation.  The Controller cannot store personal data for longer than necessary to achieve the intended purpose.


(e)   Transfer limitation.  Data controllers and processors cannot transfer data to countries that do not meet the adequacy levels required for data protection standards, except for a transfer under an approved process verified and certified by the OPDPC.



The Scope of a PDPA Gap Analysis



The scope of a PDPA gap analysis may vary depending on who conducts it and for whom, but it is often comprehensive. If you’re a long way from compliance, a lighter gap analysis may be in order so you can quickly make the most pressing changes. Some of the key areas a GDPR gap analysis might examine are below.

  • Policy and Procedure Management: How does your organisation define, document, communicate and assign accountability for your privacy policies and processes?
  • Notices: How does your organisation notify data subjects about your privacy policies, purposes and procedures for which you collect, use and retain personal data?
  • Choices and Consent: How do you outline the choices available to the data subjects about the data they disclose? What methods do you use to gain consent?
  • Collection: How does your organisation manage the collection of personal data, ensuring that it is used in line with the purposes outlined in the privacy policy?
  • Use, Retention and Disposal: Is your organisation only using personal data for the purposes that your data subjects have consented to and for as long as necessary? When data is no longer required, are you disposing of it appropriately?
  • Access Rights: How does your organisation provide, manage and process access to data subject data?
  • Disclosure: If your organisation discloses personal data to third parties, is this only for the purposes outlined in policies and contracts?
  • Security for privacy: How does your organisation protect personal information from unauthorised access, both logical and physical?
  • Data Quality: Is the data you collect and store accurate? Is it complete and relevant to the purposes identified in your privacy policies?
  • Monitoring and enforcement: How does your organisation monitor your compliance with your privacy policies and procedures? What measures are in place to deal with privacy-related complaints and disputes?



PDPA Gap Analysis: Who & How



There are different pathways to perform a PDPA gap analysis. You can use a consultancy firm, employ someone in-house, or use PDPA software to do most of the work for you, or a mixture of both. The latter is viable for small to mid-sized businesses (SMEs).



Internal PDPA Gap Analysis



Organisations can perform their internal gap analyses using teams of technical or legal professionals if they have the resource bandwidth. Some companies use a PDPA compliance checklist, which asks a long series of questions about all aspects of data processing and protection (e.g. security policies and processes, roles and responsibility, record-keeping, legal and regulatory). Checking compliance is a time-consuming project.



PDPA Software



PDPA software provides a beneficial solution to analysing compliance for SMEs. Because everything is in the cloud, collaborative efforts towards compliance are easier. Changes occur in real-time. It’s affordable, too. Let’s look at what PDPA software can do:

  • Data Mapping: locating and tracking the flow of data
  • Data Protection Impact Assessment (DPIA): assesses the risk of data processing to subjects
  • Generates PDPA compliant privacy policies and contracts
  • Subject access management creates a mechanism for handling SARs
  • Data breach management helps manage and report data breaches
  • Subject consent management assists in all aspects of gaining, recording and renewing consent
  • Compliance assessment: generates a data protection programme tailored to your company
  • DPO features help responsible parties implement and track compliance



Eliminating the Gaps

Comprehensive Gap Analysis Report

Instantly see where your GDPR maturity status is, with clearly described gaps for remediation.


Comprehensive Remediation Report


The report clearly explains what is needed to remediate the gaps.



VinarcoPDPA has a wide portfolio of services that makes dealing with Thailand PDPA laws an absolute breeze. Stay in full control of your privacy policy, and comply with PDPA regulations according to your business requirements.
