PDPA Solutions

16/08/2022

Thailand is slowly but is promoting and initializing the economic digitalization with out leaving out the thought of security.

National Cyber Security Agency in Thailand is constantly developing and implementing strict security regulations and practices for all sectors of agencies. They have announced to have subordinary regulations to be rolled out at the end of the year 2022. See the following article published by Bangkok Post for more information.

"NCSA set to boost cyber security laws"

Please credit and share this article with others using this link:https://lnkd.in/ezxm-Fnj.

© Bangkok Post PCL. All rights reserved.

The National Cyber Security Agency (NCSA) is planning to expand the enforcement of its standard framework of security requirements from the current 60 organisations of critical information infrastructure (CII) to 120 by the end of next year, said AVM Amorn Chomchoey, deputy secretary-general of NCSA...

08/08/2022

Cyber Security : "PREP REQUIRIES FOR CYBER SECURITY RULES"

Along with the development of data protection act, there is a rising concern regarding cyber security. The fast-paced digitalization in ASEAN countries is now facing the cyber securities not just in business level but also in national level. One of the ASEAN members who is currently going through massive change in digitalization is the country also known as land of smile, Thailand.
The following article provides the inside to the latest agenda that is being mentioned by the National Cyber Security Agency, who is actively providing knowledges, evaluating the cyber related concerns, and providing the standard practice guidelines to all organizations.

The National Cyber Security Agency (NCSA) is urging organizations associated with critical information infrastructure (CII) to accelerate efforts to comply with two upcoming regulations regarding minimal...

Posted on Bangkok Post; 8th August 2022.
K. Suchit Leesa-Nguansuk.

Please credit and share this article with others using this link:https://www.bangkokpost.com/business/2363581/prep-required-for-cybersecurity-rules.

Bangkok Post - The world's window on Thailand

08/08/2022

Are you finding it troubling to be compliance to the new regulation: PDPA? Is your business compliance to the new PDPA regulation and their sub-regulations which was recently rolled out.
This article will provide you with summary of new sub-regulations and keep your mind free from all the confusion. Specially written by the law firms who investigates, understands, and provides information worth your morning.

"Exploring the 4 new Data Protection sub-regulations"

Following the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) coming into full effect on 1 June 2022, four sub-regulations were introduced by the Personal Data Protection Committee (PDPC). These notifications become effective as of the 21st of June 2022.

In this article, we will provide a more detailed breakdown of the criteria and rules, relating to these new notifications.

Foreign Business License
Summary of the new notifications
1. Exemption of the Record of Processing Activities Requirement for Data Controllers who are Small Businesses B.E. 2565 (2022)
As part of the duties imposed on data controllers under the PDPA, the preparation and maintenance of a record of processing activities (“ROPA”) is required. However, under this notification, data controllers who are from small businesses will be exempt from the ROPA requirements.

Examples of the types of business excluded include:

small or medium enterprises according to the law on small and medium-sized enterprise promotion
‒ Product manufacturing business operators which hire no more than 200 employees, and have annual revenue not exceeding Baht 500 million,
‒ Service providers, wholesalers or retailers which hire no more than 100 employees, and have
annual revenue not exceeding Baht 300 million.
community enterprises and networks of community enterprises registered under the community enterprise promotion law;
social enterprises and social enterprise groups registered under the social enterprise promotion law;
cooperatives, cooperative federations, or a farmer’s groups under the cooperatives law;
foundations, associations, religious or non-profit organizations; and
family businesses or other similar businesses.
However, following businesses will not be able to reply upon the exemption: .............

Find the Full article on the Link below. (Source: Be Law; 2nd August 2022)

Following the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) coming into full effect on 1 June 2022, four sub-regulations were introduced by the Personal Data Protection Committee (PDPC).

14/07/2022

On June 24th, 2022, the Thai Government announced changes and clarifications to the Personal Data Protection Act. The changes include aspects of the law that were not previously reported or emphasized and seek to provide data processors and controllers (i.e. those who work with personal data) with more information about their duties and responsibilities under the PDPA!

These recent changes and clarifications include

1. A Relaxation of the data record requirements of the Data Protection Officer for small-to-medium size enterprises or SMEs
2. Terms and measures for the making and keeping of personal data records for data protection officers
3. Security measures for Data Protection Officers
4. Measures to impose administrative fines or penalties by the specialized committee

Here at PDPA Solutions, we strive to be up to date on the latest information regarding PDPA to best assess our customer's compliance with PDPA and give recommendations for full compliance with the law. For further details on these recent changes, click below

On 21 June 2022, the Data Protection Committee published four new updates to the PDPA.

11/07/2022

Cybersecurity, also known as cyber protection is a pressing concern for all organizations. After all, no company wants to be in the news because they are the victim of the latest cyber-attack. This could immense damage to the reputation. With that in mind, it is important to remember that complying with the PDPA and having a professional audit done should not only be done because of threats of penalties from the government and the desire to not be reprimanded by a Data Protection Officer (DPO). The PDPA is specifically designed to protect individuals' personal data and recognizes the need for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. In other words, it is specifically designed to prevent the kind of events that every organization fears. Learn more about how we can help your company comply with the PDPA and prevent cyber breaches from affecting your organization’s data. Cybersecurity, also known as cyber protection is a pressing concern for all organizations. After all, no company wants to be in the news because they are the victim of the latest cyber-attack. This could immense damage to the reputation. With that in mind, it is important to remember that complying with the PDPA and having a professional audit done should not only be done because of threats of penalties from the government and the desire to not be reprimanded by a Data Protection Officer (DPO). The PDPA is specifically designed to protect individuals' personal data and recognizes the need for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. In other words, it is specifically designed to prevent the kind of events that every organization fears. Learn more about how we can help your company comply with the PDPA and prevent cyber breaches from affecting your organization’s data by providing a PDPA diagnostic. Click below to view our price list!

A common question is, who is protected under the Thai PDPA? The PDPA is extraterritorial in its scope. This means that even though you do not have an office in Thailand and have not registered your company as a business in Thailand, the PDPA may still apply to you.

08/07/2022

Now that the PDPA (Personal Data Protection Act) has come into effect as of June 1st, 2022, companies in Thailand need to make sure that they are in compliance. The law is very specific in its provisions and has extremely stiff penalties for non-compliance, including fines of up to 1 million baht and up to one year of imprisonment. However, companies should not panic if they are not yet in complete compliance. The newly formed Personal Data Protection Commission, the government agency tasked with enforcement, has indicated that if companies did not intend to commit wrongdoing, they will not be subject to fines or prison time for infractions during a one-year grace period. Instead, the commission will issue warnings to violators and encourage them to comply with the new statute.

According to a survey conducted by the Thai Board of Trade, only 8% of the 4000 businesses interviewed said that they were in full compliance with the law. Furthermore, 31% percent indicated that they haven't even started the process of compliance. Don’t sweat it if your organization is currently in this category! PDPA Solutions, a joint venture between Asia Data Destruction (Data Destruction), Belaws (Legal), Breachunt (Cybersecurity ) and Lim & Partner (HR) can put our expertise in each of a company's respective areas of the business to work and can help you comply with the PDPA. We offer PDPA compliance diagnostic auditing and consulting for your peace of mind regarding PDPA. Our process includes but is not limited to:

Investigating and analyzing the entire organizational structure and internal procedures under PDPA framework

Providing Gap analysis report and data mapping

Review of Data Storage, Destruction, and Protection

360° Internal and External network security evaluation

Providing PDPA guidelines tailored made to your business