After a one-year postponement, PDPA is going to fully hit the field on April 8, 2021.
PDPA has been enacted by the National Legislative Assembly of Thailand in May 27, 2019 having the purpose to regulate the consent and use of personal data. The law was originally set to become fully effective on May 27, 2020 but suffered another year delay due to pandemic crisis and unreadiness of the entrepreneur.
However, as of the date of this article, it is less than two months short of preparation until total compliance of PDPA is needed.
The company shall ensure that their policy and practice on personal data collection is aligned with the key practice of PDPA, such as, the proper consent for collection, usage, and disclosure of personal data. Such consent can be in writing or an electronic format acceptable/in compliance with the applicable laws. Also, the party disclosing personal information must be properly informed of their right and objective of data collection.
Sensitive information, such as, race, religion, or health must be subject to a clear consent of data owner, except in case of certain exemptions. and all personal data acquired must be used in accordance with the consented purpose. The breach of PDPA can be subject to penalty of fine and/or imprisonment.
It is strongly recommended that the company has outlined their privacy policy for all departments to comply with.
This law is a similarity to the General Data Protection Regulation or GDPR currently in force in European Union.
Please feel free to contact us should you need further support on privacy policy or data management documentation. This article is not a legal advice and it shall be solely treated for general guideline purpose.
Recent Comments