Personal Data Protection Act (PDPA) is a new legislation that was promulgated in the year of 2019 (B.E.2562). It currently becomes effective in some areas correlated to the department management including the establishment of the Personal Data Protection Committee, rule, regulation, and the criteria announcements that were prescribed by the committee. As for the provision in other categories will come into effect on May 31st 2021.
PDPA is a law that imposes the duty to protect the personal data that has been collected, used, or disclosed. So-called data controllers and legal entities that process personal data as assigned by data controllers. Such as:
The duty of creating and manipulating the guardianship policy of the organization’s personal data.
The duty to obtain the consent from data subject before or while collecting, using or disclosing the data.
The duty to not violate the rights of data subject and the duty to accept the requests and actualize the requests for the rights to access of data subject, such as the right to withdraw consent to collect, use or disclose the data. Likewise the right to approach and propose a copy of the personal data and the right to remove or disrupt the personal data, etc.
The assignation of protection authorities of personal data for a particular organization (this could be personnel within the organization or outsources) etc.
Preparation of legal entities who are the data controller or data processor.
Learn and recognize to this law. You need to know what PDPA is and its sanctions !
Check, review, data mapping, policies set up, review IT system, Documents Preparation, and work group enhancement.
The company is willing to present, serve on the side of personal data protection service for you to be competent to follow the Personal Data Protection Act in the year B.E. 2562 (2019) thoroughly within the time of the enactment of law.
Advise in the facet of the readiness in execution that follows the personal data protection law for the organization. Which includes the consultation to the Data Protection Officer (DPO) within the organization in consideration and in case investigation. Could also be conducted about the personal data breach, or the usage of rights of the data subject.
Review compliance according to the personal data protection law within the organization, whether it is adequate or consistent following the law or not.
Training, educating and comprehending the personal data protection law, along with training leaflets.
PDPA Compliance Service, provides arranging structure service regarding personal data protection within the organization.
Preparing the policy/declaration with the subject of personal data protection within the organization. Preparing the policy/declaration with the subject of personal data for the data processor and business partner. Preparing the practice guideline(s) with the subject of the administration and manipulation of the case which violates personal data, and the case which is exercising the rights of the data subject. Preparing form(s) that is required according to the law, such as a request form to consent for the data subject, form for requesting to exercise the rights of the data subject, and a form that records the lists of personal data according to Section 39. Present the suggestion(s) that is appropriate in the personal data management, and advise the proper way to exercise the rights through the organization’s website. Propose a way to establish and proceed of the working group that serves as the “Data Protection Officer : DPO.” Other services that may proclaim the regulations, principle criterion additionally in the future.
*If you are interested in our services or have acquired quotations for services in any matter, please inform us and we will respond as soon as possible!