Thailand postpones the PDPA enforcement: What it is and how to prepare your business for the PDPA

Businesses take note. Officially,  Thailand postpones the PDPA or the Personal Data Protection Act (PDPA) to June 1, 2022. Considered as the first local law designed to govern data protection in the digital age, the PDPA was originally scheduled to come into effect on June 1, 2021. However, it created multiple challenges for both local and foreign businesses alike. In addition, the ongoing COVID-19 crisis is putting extra pressure on numerous corporations. In this Pacific Prime Thailand article, we’ll go through what it is and how to prepare your business for the enactment of PDPA.

Note that meanwhile, your business is still required to comply with the Data Protection Standard, as prescribed by the Ministry of Digital Economy and Society (MDES).

What is the PDPA?

Taking a page from the European General Data Protection Regulation (GDRP), the PDPA is a data protection law. Key aspects of it include: data processing, data collection, data storage, and data consent protocols.

Under the PDPA, you have the right to control how your personal data is collected, stored, disseminated and protected by organizations. We all have the right to know which organizations have our data, and how they use and share it. The PDPA prescribes duties and responsibilities to those who control and process our data.

Below is a brief overview of several key features of the PDPA:

1. An opt-out procedure must be made available

Data collectors (DCs) must make available an opt-out procedure which allows clients to withdraw his/her consent. They must then notify their clients of this option. However, DCs can continue to keep and use personal data which was collected prior to the PDPA becoming effective. Note that this is only possible if its collection or use is within the scope of the original purpose.

2. Secured cross-border transfer of personal data

Recipient countries who collect personal data in Thailand must have “adequate personal data protection standards”. Also, this migration of data must comply with the Personal Data Protection Committee’s rules of protection.

3. Data Protection Officer appointment

You should appoint a Data Protection Officer (DPO) if the personal data you process/collect requires regular monitoring because it is sensitive and/or large in scale. On top of that, your DPO should be able to communicate in Thai.

Preparing your business for when the PDPA comes into law

Here is a non-exhaustive list of the key actions you can do to prepare before June 1st, 2022.

• Make sure your company has an “opt out” procedure in place for the past personal data you collected.
• Do you have a global personal data protection policy covering the migration of personal data to your main office or offices overseas? If not, consider developing a policy to cover Thailand.
• Evaluate the size and nature of the personal data you handle in Thailand. You might be required to appoint a DPO. Having said that, the PDPC has yet to announce the threshold of personal data in order to appoint a DPO.

Protect your company with corporate insurance

While Thailand postpones the PDPA, cybercrime rates are rising  With an increased urgency to keep yours and your clients’ data safe, it’s more important than ever to secure the right business insurance solution.

Pacific Prime Thailand is here to help. We leverage our close partnerships with top insurance providers in Thailand to formulate a best-fit plan that fulfills all of your business needs. Contact our team of experienced corporate and employee benefits specialists today for a free plan comparison!

• Author
• Recent Posts

serena

Senior Content Creator at Pacific Prime Thailand

Serena Fung is a Senior Content Creator at Pacific Prime, a global insurance brokerage and employee specialist serving over 1.5 million clients in 15 offices across the world. With 2+ years of experience writing about the subject, she aims to demystify the world of insurance for readers with the latest updates, guides and articles on the blog.

Serena earned her Bachelor’s Degree in Psychology from the University of British Columbia, Canada. As such, she is an avid advocate of mental health and is fascinated by all things psychology (especially if it’s cognitive psychology!).

Her previous work experience includes teaching toddlers to read, writing for a travel/wellness online magazine, and then a business news blog. These combined experiences give her the skills and insights she needs to explain complex ideas in a succinct way. Being the daughter of an immigrant and a traveler herself, she is passionate about educating expats and digital nomads on travel and international health insurance.

Latest posts by serena (see all)

• Everything You Need to Know About Wellness Tourism in Thailand - July 21, 2023
• Cybercrime in Thailand: Current Trends and Solutions - July 7, 2023
• Top 12 Mental Health (Wellness) Retreats in Thailand: A Guide to Finding Inner Peace - July 4, 2023