PDPA Compliance

Thailand’s Personal Data Protection Act (PDPA) was created to govern data protection and allow the people of Thailand to exercise their privacy rights. Thailand’s adoptions of this law were partly inspired by many GDPR principles and will drastically increase privacy requirements for businesses operating in Thailand.

Thailand PDPA Cookie Compliance Regulation

The PDPA Will Go Into Effect May 27, 2021

What is PDPA?

Thailand recently enacted its Personal Data Protection Act (PDPA), which was published in the Government Gazette on May 29, 2019. Going into effect May 27, 2020, the PDPA will have a broad impact across multiple aspects of businesses. Similar to GDPR, websites will have to include simple and straightforward language, and receive clear consent from each user, before (or at the time of) collecting data, using it in any way, or passing it to third parties. Violation of the PDPA can result in fines of up to Baht 5,000,000 and imprisonment for up to one year.

Steps to comply with PDPA:
  • Customize a cookie banner and preference center to inform users about data collection and provide visitors with the ability to opt-out of advertising and data collection cookies on your website.
  • Create and add a form for individuals to practice their data subject rights, such as the right of access, right to erasure, right to object, and the right to data portability to their personal data.
  • Monitor incoming requests using a dashboard and automate the request process, from intake to fulfillment.

Who does the PDPA apply to?

The PDPA applies to personal data collected or used by a data controller or processor residing in Thailand. It also applies to a data controller or processor residing outside Thailand but collecting, using or disclosing personal data of a data subject in Thailand, for the purpose of offering goods or services to or monitoring the behavior of that data subject. Personal data is defined in the PDPA as any data of people that could identify that person directly or indirectly.

Data Rights Under PDPA

Cookie Banner Customization
The Right to be Informed

Right to be Informed [Section 23] is the right for Thailand citizens to be informed about the collection and use of their personal data at the time of collection. Organizations that collect personal data must provide individuals with information about what is being tracked, the purpose of tracking and who it will be shared with.

How CookiePro Helps

Inform and allow visitors to opt-out of the collection of their personal data when they visit your website. Scan your website to identify and categorize cookies and tracking technologies on your website. Then create and display a PDPA-specific cookie consent banner that auto-blocks cookies until the visitor opts-in or out of your cookie policy.

web form customization
The Right to Access

The Right to Access [Section 30], also known as subject access, gives individuals the right to obtain a copy of their information that an organization holds about them. When the organization receives the subject request, it must provide the data subject information such as the purpose of processing and categories of personal data collected.

How CookiePro Helps

Intake and fulfill data subject requests for personal information access requests by building a PDPA-specific request intake web form linked directly from your company’s website, centralizing all subject access requests into a single queue and defining an automated triage workflow for fulfilling requests.

Consumer requests
The Right to Rectification

According to Section 35 of PDPA, individuals have the right to request the modification of their data, including the correction of errors and the updating of incomplete information.

How CookiePro Helps

Build and configure web forms to capture subject rectification requests and launch automated workflows integrated with your existing systems to update that information. After building and implementing your form, track requests in a dashboard to monitor requests by date, country, and status of fulfillment.

Consumer request workflow
The Right to Erasure

Under Article 33 of the PDPA, individuals have the right to have their personal data erased. This is only allowed if the data controller is non-compliant or if it is no longer necessary for data controllers to retain personal data in accordance with the purpose of the collection or use.

How CookiePro Helps

In the data subject request product, define automated workflows for fulfilling the request. Choose different options for each stage, then assign main responsibilities to privacy offices, IT teams, or business users based on the type of request and where the data resides

Edit Response Templates
The Right to Restrict Processing

Article 34 of PDPA gives individuals the right to restrict the processing of their personal data.  If consumers exercise this right, businesses can continue to store the data but must not use or process that data.

How CookiePro Helps

Enable individuals to request that their information is not processed by filling out a CookiePro generated data subject request web form. Use editable response templates to respond to the individual, then track and notify the individual when the request has been processed

List of consumer request workflows
Right to Data Portability

The right to data portability gives individuals the right to obtain and transfer their data to a different controller or service.

How CookiePro Helps

Using CookiePro data subject requests, provide individuals with an intake form to submit their requests, then easily find the data and fulfill the request. Identify which workflow to use to take the necessary steps to fulfill the request.

Preference center 2
Right to Object

Article 32 of the PDPA gives individuals the right to object to the processing of their personal data when visiting your website and always having the option available.

How CookiePro Helps

Use CookiePro to inform and allow visitors to object to the processing of their personal information when they visit your website. Provide visitors with a customized preference center where they can opt-out of the processing of their personal information. Also, provide visitors with a subject access request form to request for their data to no longer be processed

Website Compliance Made Easy

If you are subject to comply with PDPA, sign up today for the most trusted cookie consent solution in the industry. Don’t wait!

Sign Up Today

Recent Posts

Onetrust All Rights Reserved