1. Plan Compliance Roadmap with Thailand's PDPA
The first step when we start a project with our clients (regardless of full DPO or Advisory service), our expert consultants will sit down with the client to see where they are in their compliance journey, what has been completed? What has not been completed? What is pending? And together with the client’s input, we jointly map out our planned PDPA compliance roadmap with key milestones, deadlines, and follow-up procedures to ensure that our client is on track to PDPA compliance.
2. Provide advice on creation/completion of Record of Processing Activities and Data Mapping
ROPA is the key to discovering data flows both internally and externally for your organization. For clients who have not started their ROPA phase, we will guide them through step-by-step to ensure that this phase is executed to achieve desired outputs. We will then advise you on how to create a full data map.
3. Provide advice on creating/reviewing all Data Protection related policies/procedure OR providing templates
Jointly completed with the ROPA phase, we can conduct a review of client’s external and internal privacy policies and/or all Data protection policies and procedures to ensure 1) legal compliance 2) operational efficiency. Our legal team and consultants will work to ensure that all documentation is suitable for client’s operations and legal compliance. For clients that do not have policies in place, we can provide fully customized templates for client’s review and approval
4. Provide advice on relevant data retention schedules
According to the PDPA, how long we keep certain data types and if we have a destruction policy that complies with the PDPA are essential. We will work with the client in developing a data retention schedule for all data-types in various departments across the business to ensure operational efficiency and legal compliance.
5. Provide advice on Data Subject Access Requests (DSAR)
Our consultants will provide advice and setting up your DSAR management protocols and procedures, alongside providing expert advice on incoming access requests that have complexities to handle. Throughout the course of the contract, we will be available to support our clients the full scope of DSAR.
6. Vendor/Third party due diligence management advisory
3rd Party and Vendor management is also an essential area for PDPA compliance. We will support our clients in advising with vendor due diligence, evaluation, and pre-qualification to ensure that vendors have Data Protection policies in place, or issue DPA (Data Protection Addendums) to rectify scope of vendor responsibilities.
7. Provide legal advice on PDPA and international data transfers
Our consultants and legal team will be ready to advise our clients on legal matters related to the PDPA and/or any international transfer cases. We will assign a designation contact person for our clients to be able to contact via phone, email, or MS Teams.