PDPA
What is Personal Data Protection Act (PDPA)?
The Personal Data Protection Act, or PDPA, is a new law in Thailand that will become fully enforceable from 1 June 2022 onwards. A violation of the PDPA could result in civil liability, criminal liability and administrative fines of up to 5 million baht.
PDPA is the Personal Data Protection Act B.E. 2562 (2019). It states that organizations or agencies involved in collecting personal data, whether government agencies or private companies, must establish standards for keeping personal information safe and use it for the purposes to which the owner of the personal data has consented.
Key principles of the PDPA
- Personal information cannot be collected, used or disclosed if the data subject does not consent, unless the law allows it.
- PDPA confers on the data subject the right to access their personal data, including the rights to revise, suspend and destroy their own data.
- Establish a committee/personal data protection officer to set standards for collecting, using or disclosing personal information.
- The data protection officer must maintain data security and not allow any changes, modifications, or unauthorized access to the information.
Our PDPA Service
1. PDPA Consultant Service
CyberSec provides PDPA consulting services that cover the following areas:
- What your business needs to do to comply with PDPA law
- Personal data protection policies and practices
- Setting up a PDPA system that is suitable for the type of your business and organization
- Measures for maintaining the security of personal data
- Dealing with personal data security breaches
2. PDPA Implementation Service
CyberSec provides a vulnerability analysis service and comprehensive PDPA implementation to help you comply with personal data protection laws, according to your budget plan.
1. Basic implementation plan
This package suits small organizations (fewer than 30 employees) that want to save time preparing their business to comply with the PDPA privacy law on a limited budget.
What you will get:
- Training and a workshop with project planning (1 time)
- Online consulting service (3 times/month) until the completion of the project
- Prepare Privacy Notice and Consent Form
- Review the organization’s policies and main working processes
- Provide a data processing contract
- Provide advice on management guidelines in case of a personal data breach (Data Breach)
2. Pro implementation plan
This package suits medium-sized organizations (30-200 employees) that want full compliance with the PDPA law.
What you will get:
- On-site training workshop with project planning (1 time)
- Online consulting service (5 times/month) until the completion of the project
- Prepare Privacy Notice and Consent Form
- Review the organization’s policies and main working processes
- Provide records of data processing activities (RoPA)
- Provide a data processing contract
- Prepare the Personal Data Protection Impact Assessment (DPIA)
- Provide advice on management guidelines in case of a personal data breach (Data Breach)
3. Advanced implementation plan
This package suits medium-sized organizations that want full compliance with the PDPA law.
What you will get:
- On-site training workshop with project planning (1 time)
- Unlimited online consulting service until the completion of the project
- On-site service (3 times)
- Prepare Privacy Notice and Consent Form
- Review the organization’s policies and main working processes
- Provide records of data processing activities (RoPA)
- Provide a data processing contract
- Prepare the Personal Data Protection Impact Assessment (DPIA)
- Provide advice on management guidelines in case of a personal data breach (Data Breach)
4. Advanced implementation plan with platform
Full implementation with the PDPA platform service suits organizations that want to comply with the full PDPA law, with software that will be customized for your business only. (Price will depend on the complexity of your business.)
3. PDPA Training service
CyberSec provides PDPA training for the organization's personnel, both live online and on site, which can be applied and practiced in all types of businesses.





