Preparing and implementing PDPA compliance policies in Thai companies

4 important obligations for businesses to oblige before PDPA come into effect include:

1. Duty to collect ion , use, or disclose of personal data

  • Set a Records of Processing Activity (ROPA) to help analyze data minimization and purpose limitation
  • Set a privacy notice to notify customers to show transparency in collection, usage or disclosure of personal data. Customers’ consent will also be required.
  • Select data processor according to the duties and issue data processing agreement
  • In the event that the data controller sends or transfers personal data to third countries, Binding Corporate Rules (BCR) or standard contractual clauses must be provided.

2. Duty to secure the data

  • Data controllers have to determine measures or policy within the organization to standardized data management, if a data breach occurs, there may be problems.

3. Duty to grant rights to data owners

  • The company must prepare a process for data owners to exercise their rights. For example, the preparation to oblige by users’ requests such as to view their data collection and amend their consent.

4. Duty to designate a data protection officer (DPO)

  • The DPO is responsible for advising how organizations should comply with PDPA Act
  • DPO must understand the organization, the PDPA act, and IT & security very well
  • DPO can be either a team or an individual
  • Internal policy
  • Data breach
  • Data subject rights
  • Data processing agreement
  • Standard contractual clauses, in case you transfer the personal data to third countries




Thailand's first and Southeast Asia's largest startup ecosystem. []

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

How to Claim 800,000,000 ShibaNetwork (SHIBN) Token Airdrop - video 🎥👇

BrightScan #ThreatIntelThursday | Front Door Attacks

Maximize Security With This URL Classification API

How to Earn Crypto… For Free!

{UPDATE} Get Word — ?ollect words! Hack Free Resources Generator

{UPDATE} Behoarder Hack Free Resources Generator

Proxy Diversity (or lack of)

Black Hat Hacking Forums Hacked: Possibly a LulzSec Attack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
True Digital Park

True Digital Park

Thailand's first and Southeast Asia's largest startup ecosystem. []

More from Medium

CS371p Spring 2022: Malithy Wimalasooriya — Week 5

Node.js Architecture Software architecture is defined as the software infrastructure within which…

Upgrade SSD for Windows 10 machine

CS371p Spring 2022: Dinesh Krishnan Balakrishnan