Personal Data Protection Act of Thailand
The personal data protection act of Thailand is pretty much similar to European Unions GDPR and India’s PDPA. It offers similar fundamental rights to the citizens of Thailand as mentioned in the gdpr and pdpb of india.
27 May 2020 is the date of enforcement for The Personal Data Protection Act of Thailand (PDPA). PDPA imposes new rules on organizations in Thailand and those that offer goods and services to people in Thailand, or that collect and analyse data tied to Thai citizens, no matter where they are located.
Enhanced Personal Privacy Rights
PDPA gives 7 fundamental rights to the Thai citizens, which can not be breached
Mandatory Data Breach Reporting
Organizations have to report data/security breach to the authorities within 72 hours
Increased Duty for Protecting Data
Businesses have to take strong data security countermeasures
Significant Penalties for Non-compliance
Non compliance with PDPA may cost organizations penalties of upto THB 5 million.
PDPA Consultation Service
We are working in the domain of cyber security and privacy since 2016 and already helped 150+ companies with regulatory compliance such as GDPR, PDPL, CCPA etc. Our team of expert and experienced consultants will help you simplify and deploy the mandatory PDPA compliance.
Gap Assessment
Get a detailed assessment showing your organizations current PDPA compliance posture, and a remediation plan to address the gaps and risks..
Legal Policies
Get legal advice and support in reviewing and updating privacy notices, policies, supplier contracts and international data transfer agreements
Data Flow Mapping
Get an inventory of the personal data held and shared by your organization, and a data flow map of your processes.
Data Protection Impact Assessment
Get an assessment of the data protection risks associated with your new process and a remediation plan to mitigate those risks.
Data Breach Support Service
Get on-call assistance in meeting the PDPA’s 72-hour data breach notification requirements in a structured and compliant manner.
Virtual Data Protection Officer
Get supported by a qualified DPO team who will serve as the independent data protection expert to your organization.
About Aristi
Aristi is into the business of cyber security and privacy since 2016. We are the very first and only cyber security research and consultation company based in central India. We are part of Startup India. Govt of India's flagship scheme to promote startup culture in India.
We know cyber security and privacy sounds complex and at some point it is, but our consultants are known for their capabilities to make complex things easy for business people and help them understand the key needs.
General Questions
Similar to the GDPR, the intention of the PDPA is to protect data owners (i.e., data subjects under the GDPR) in Thailand from the unauthorized or unlawful collection, use, or disclosure and processing of their personal data.
Thailand’s Personal Data Protection Act (PDPA) was finally approved in February 2019 by the Thai National Legislative Assembly, after several legislative attempts. The PDPA was published in the Royal Thai Government Gazette following the passage of the bill, and came into effect on May 28, 2019. Organizations now have one year to fully comply with their policies by May 27th 2020.
The Personal Data Protection Act of Thailand is applicable to businesses based in Thailand and to those organizations who offer goods and services to Thai citizens irrespective to their location.
When it comes to exemptions, PDPA is pretty much controversial. Currently There’s hardly any exemptions for small and mid size businesses. But Govt agencies and organizations have all the authorities to collect and process the data without any information or consent from the end user.
In case of non – compliance organizations will be liable for financial penalties upto THB 5 million. Under some scenarios company owners may face imprisonment upto 1 year.