Thailand PDPA: Enforcement Begins Summer 2020

Another big privacy regulation is in effect and the enforcement date is quickly creeping up. Inspired by the GDPR, Thailand’s Personal Data Protection Act (PDPA) was created to govern data protection and allow the people of Thailand to exercise their privacy rights and will drastically increase privacy requirements for businesses operating in Thailand.

After several legislative attempts, the Thai National Legislative Assembly approved PDPA in February 2019. The Royal Thai Government Gazette pushed the law into effect on May 28, 2019. The PDPA will go into enforcement on May 27, 2020.

There is not an official English version of the PDPA available, but organizations operating in Thailand or handling Thai personal data will need to familiarize themselves with this law quickly, before May 27, 2020.

Overview of the PDPA

Similar to the GDPR, the intention of the PDPA is to protect data owners in Thailand from the unauthorized or unlawful collection, use, or disclosure and processing of their personal data. Under the regulation, personal data is defined in as any data of people that could identify that person directly or indirectly.

The PDPA applies to organizations outside of Thailand that either offer products and services to individuals in Thailand (regardless of whether any payment is required) or monitor the behavior of individuals in Thailand.

Like the GDPR, individual rights cover numerous rights, such as the right to access, object, erasure, and rectify.

How CookiePro Helps

• Inform and allow visitors to opt-out of the collection of their personal data when they visit your website. Using the CookiePro Website Scanning and Cookie Compliance product, scan your website to identify and categorize cookies and tracking technologies on your website. Then create and display a PDPA-specific cookie consent banner that auto-blocks cookies until the visitor opts-in or out of your cookie policy.
• Leverage CookiePro Data Subject Request to intake and fulfill requests for personal information access requests by building a PDPA-specific request intake web form linked directly from your company’s website, centralizing all subject access requests into a single queue and defining an automated triage workflow for fulfilling requests.
• Build and configure web forms to capture subject rectification requests and launch automated workflows integrated with your existing systems to update that information. After building and implementing your form, track requests in a dashboard to monitor requests by date, country, and status of fulfillment. Set up defined workflows to use when fulfilling the request, including assigning tasks to colleagues.
• Use CookiePro to inform and allow visitors to object to the processing of their personal information when they visit your website. Provide visitors with a subject access request form to request for their data to be deleted or no longer be processed.