Thailand PDPA enactment is set for 1st June 2022 and not surprisingly email inboxes are being inundated with sales messages trying to take advantage of the PDPA uncertainty. Even though the Thailand PDPA will announce massive changes, the reality for most B2B organizations is far away from the marketing disaster these emails portray may suggest. That aside, it’s essential for B2B and B2C organisations to engage with PDPA consultants who are aware of the ever-changing regulatory landscape and has a framework in place to tackle that challenge.
What You Need To Know About The PDPA
Before we get to the main point of how to select and engage with the right consultancy to help you implement the required PDPA compliance changes, let’s take a moment to get an overview of the important points about the PDPA.
- The PDPA requires that you must have a lawful basis to process a data subjects personal data, for example, contact information Name, residential address, email address etc. Data Subjects consent is one legal basis and mostly used in marketing activities. For the majority of the activities, the processing for business will be in relation to a contract or a delivery of a service.
- The companies that control and process personal data will additionally be held accountable for the security and availability of the data and the internal policies and processes they have in place to safeguard the data entrusted to them.
Now you have decided on the need for expert advice and services lets look at how you should consider who to engage with.
PDPA How to Engage The Right PDPA Consultancy
Here are 4 checkpoints that you should look for in your PDPA consultancy:
1. Data Privacy Legal PROWESS:
It must be understood that the PDPA is legislation. when trying to gain an understanding of how the new regulation will impact both your business and your customers, you will need a partner with legal expertise. Look for PDPA consultants who have a history of and knowledge of regulatory contract law and data protection legislation.
2. LONG TERM Relationship:
The Thailand PDPA will evolve and present many obligations and challenges for organisations post 1st June 2021. on par with your health and safety or anti-bribery regulations. Your PDPA consultant should be trustworthy to the point that you can rely on them consistently both immediately and in the future rather than just some short-term associations to meet short term goals.
3.Knowledge and Expertise In Data Breach Response Processes
Where your organisation experiences a data breach, you will most likely to be subject to an inquiry and audit by the PDPC. Good PDPA consultants should be able to present a defence and represent your business to the PDPC. To accomplish that the consultant must have worked closely with your organisation and have knowledge of the PDPA implementation of the PDPA compliance. This enables the consultant to be in a strong position to deliver your data breach defence.
4. Be Mindful of Hidden Sales Agendas
In our experience, we have been able in most cases to achieve data privacy compliance around the globe without disruption of the operating model of our clients operating framework. The PDPA partner of choice should come from a solid background of data regulatory regulations and is able to operate within existing processes and technology and offer unbiased suggestions when required.