Preparing and implementing PDPA compliance policies in Thai companies

4 important obligations for businesses to oblige before PDPA come into effect include:

1. Duty to collect ion , use, or disclose of personal data

  • Set a Records of Processing Activity (ROPA) to help analyze data minimization and purpose limitation
  • Set a privacy notice to notify customers to show transparency in collection, usage or disclosure of personal data. Customers’ consent will also be required.
  • Select data processor according to the duties and issue data processing agreement
  • In the event that the data controller sends or transfers personal data to third countries, Binding Corporate Rules (BCR) or standard contractual clauses must be provided.

2. Duty to secure the data

  • Data controllers have to determine measures or policy within the organization to standardized data management, if a data breach occurs, there may be problems.

3. Duty to grant rights to data owners

  • The company must prepare a process for data owners to exercise their rights. For example, the preparation to oblige by users’ requests such as to view their data collection and amend their consent.

4. Duty to designate a data protection officer (DPO)

  • The DPO is responsible for advising how organizations should comply with PDPA Act
  • DPO must understand the organization, the PDPA act, and IT & security very well
  • DPO can be either a team or an individual
  • Internal policy
  • Data breach
  • Data subject rights
  • Data processing agreement
  • Standard contractual clauses, in case you transfer the personal data to third countries

--

--

--

Thailand's first and Southeast Asia's largest startup ecosystem. [www.truedigitalpark.com]

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Security risk on third-party packages

Mask Network (MASK) and Rally (RLY) are now available on Coinbase

HackTheBox Writeup — Doctor

Degis First Round Airdrop is Live 🎊

{UPDATE} princess Hair Salon !!! Hack Free Resources Generator

Footprinting — The Understructure of Ethical Hacking

Social Engineering Threatening Businesses’ Cyber Security

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
True Digital Park

True Digital Park

Thailand's first and Southeast Asia's largest startup ecosystem. [www.truedigitalpark.com]

More from Medium

7 Best Failproof Ways to Sell Used Phones at Your Cell Phone Repair Shop — General Info Blog

CS373 Fall 2021: Lorenzo Martinez: Final Entry

Note that with each wallet, the maximum number of Trava Knight NFT that can be deposited in one…

Global Metaverse Bootcamp Team Project syllabus