Talk To An Expert

+66 (0) 2285 6240-9

Thailand PDPA: Things To Consider When Choosing The Right PDPA Partner

Global Data Privacy Regulations

Thailand PDPA

Thailand PDPA  enactment is set for  1st June 2022 and not surprisingly email inboxes are being inundated with sales messages trying to take advantage of the PDPA uncertainty. Even though the Thailand PDPA will announce massive changes, the reality for most  B2B organizations is far away from the marketing disaster these emails portray may suggest. That aside, it’s essential for B2B  and B2C organisations to engage with PDPA consultants who are aware of the ever-changing regulatory landscape and has a framework in place to tackle that challenge.

What You Need To Know About The PDPA

Before we get to the main point of how to select and engage with the right consultancy to help you implement the required  PDPA compliance changes, let’s take a moment to get an overview of the important points about the  PDPA.

  • The PDPA requires that you must have a lawful basis to process a data subjects personal data, for example, contact information Name, residential address, email address etc. Data Subjects consent is one legal basis and mostly used in marketing activities. For the majority of the activities, the processing for business will be in relation to a contract or a delivery of a service.
  • The PDPA will mandate accountability and responsibility to the user whose personal data is being processed – therefore an understanding of how their personal data is processed, request for data portability, right of data erasure., rectification and processing restriction. Businesses are obliged to communicate this clearly and transparently within a published privacy policy and a link to this policy to be placed on all web pages.
  • The companies that control and process personal data will additionally be held accountable for the security and availability of the data and the internal policies and processes they have in place to safeguard the data entrusted to them.

Now you have decided on the need for expert advice and services lets look at how you should consider who to engage with.

PDPA How to Engage The Right PDPA Consultancy

Here are 4 checkpoints that you should look for in your PDPA consultancy:

1. Data Privacy Legal PROWESS:

It must be understood that the PDPA is legislation. when trying to gain an understanding of how the new regulation will impact both your business and your customers,  you will need a partner with legal expertise. Look for PDPA consultants who have a history of and knowledge of regulatory contract law and data protection legislation.

2. LONG TERM Relationship:

The Thailand PDPA will evolve and present many obligations and challenges for organisations post 1st June 2021. on par with your health and safety or anti-bribery regulations. Your PDPA consultant should be trustworthy to the point that you can rely on them consistently both immediately and in the future rather than just some short-term associations to meet short term goals.

3.Knowledge and Expertise In Data Breach Response Processes

Where your organisation experiences a  data breach, you will most likely to be subject to an inquiry and audit by the PDPC. Good PDPA consultants should be able to present a defence and represent your business to the PDPC. To accomplish that the consultant must have worked closely with your organisation and have knowledge of the PDPA implementation of the  PDPA compliance. This enables the consultant to be in a strong position to deliver your data breach defence.

4. Be Mindful of Hidden Sales Agendas

Always carry out due diligence before engaging with PDPA consultants.  With the PDPA enactment deadline for compliance just less than three months away, for many vendors of IT security products, and legal packs the  PDPA has become a sales tool. For example, an off-shelf Privacy policy template may look correct but will almost certainly not resemble your data processing activities and in almost all cases have to be re-written at an expense.

In our experience, we have been able in most cases to achieve data privacy compliance around the globe without disruption of the operating model of our clients operating framework. The PDPA partner of choice should come from a solid background of data regulatory regulations and is able to operate within existing processes and technology and offer unbiased suggestions when required.

Share This :

Recent Posts

Have Any Question?

The world of data privacy laws and compliance can be a complex maze. We’re here to offer competitive data privacy protection and regulatory services to help you deal with day-to-day data privacy compliance and maintenance challenges.