Thailand PDPA Compliance
Operationalize PDPA compliance with the most comprehensive PrivacyOps platform
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
The Personal Data Protection Act, B.E. 2562 (2019) ('PDPA') is Thailand's first consolidated data protection law, published in the Thai Government Gazette on 27 May 2019. This law was said to go into effect on 27 May 2020. However, in May 2020, the Thai Cabinet, through a Royal Decree, deferred the enforcement of specific data protection provisions of the PDPA until 31 May 2021. After three years of delays, Thailand's PDPA went into effect on June 1st, 2022.
The PDPA aims to protect individuals' personal data and impose obligations on businesses to collect, use, and disclose personal data. The PDPA is primarily based on the EU’s GDPR. Therefore, there are several similarities, such as the legal provisions for processing personal data, data subject requests, and other security measures requirements.
The Solution
Securiti enables organizations to comply with the Thai PDPA regulations through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with the Thai PDPA through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of Thailand’s PDPA.
Customize a data subject rights request portal for seamless customer care
Simplify your DSR request format by building web forms customized for your brand image to accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Automate data subject access request handling
PDPA Sections: 23, 30
Data subjects need to be notified about their data privacy rights, and organizations are required to simplify the initiation of verified DSR requests. Automating the delivery and generation of secure data access reports will significantly reduce the risk of compliance violations and the workforce required to comply with all the requests.
Secure fulfillment of data access and port requests
PDPA Sections: 23, 30, 31
Organizations must disclose the information to the data subjects within a limited time frame of receiving a verifiable data request. This will be free of charge and delivered through a secure, centralized portal.
Automate the processing of rectification requests
PDPA Sections: 35, 36
Seamlessly fulfill data rectification requests with the help of automated data subject verification workflows across all appearances of a subject’s personal data.
Automate erasure requests
PDPA Section: 33
Quickly fulfill data subject's erasure requests through automated and flexible workflows.
Automate objection and restriction of processing requests
PDPA Sections: 23, 32, 34
Build a framework for objection and restriction of processing handling based on business requirements with the help of collaborative workflows.
Continuous monitoring and tracking
PDPA Sections: 37(1)(3), 39, 40
Keep track of risks involved by continuously monitoring and scanning data against non-compliance to subject rights, security controls, or data residency. Surface new Personal Data categories, types, and data flow risks continuously.
Automate People Data Graph
PDPA Sections: 39, 40(3)
Discover personal information stored across all your systems within the organization and link them back to a unique data subject. Visualize personal data sprawl and identify compliance risks.
Meet cookie compliance
PDPA Sections: 19, 20, 25, 26
Automatically scan the organization’s web properties and categorize tags and cookies. Also, build customizable cookie banners, collect consent and provide a preference center.
Monitor and track consent
PDPA Sections: 19, 20, 24, 25, 26, 27
Track consent revocation of the data subjects to prevent the processing or transfer of data without their consent. Demonstrate consent compliance to regulators and data subjects.
Assess PDPA readiness
PDPA Sections: 37, 39, 40
With the help of our multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against PDPA requirements, identify the gaps and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against PDPA requirements.
Map data flows
PDPA Sections: 39, 40(3)
Keep track of data flows in your organizations, trace this data, and catalog data collection and transfer. Document business process flows internally and to service providers or 3rd parties.
Manage vendor risk
PDPA Sections: 37(2), 39
Track, manage, and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly, automate data requests and deletions, and manage all vendor contracts and compliance documents.
Breach Response Notification
PDPA Section: 37(4)
Automates compliance actions and breach notifications to concerned stakeholders concerning security incidents by leveraging a knowledge database on security incident diagnosis and response.
6 Key Data Subject Rights Under Thailand’s PDPA
Right to be Informed: Data subjects have a right to be informed regarding how their personal data is being collected and used. Businesses are required to inform data subjects of any data they may have of them and any data processing that is taking place.
Right to Access: Data controllers and processors have a legal obligation to provide data subjects with access to and copies of their personal data. This right must be honored without delay and no later than one month after receiving the data subject's request.
Right to Data Portability: Data subjects also have the right to ask for data to be sent from one controller to another in a readable format that can be used or disclosed automatically.
Right to Rectification: Data subjects have the right to have erroneous data corrected and incomplete data about themselves rectified.
Right to Erasure: Data subjects have a right to erasure available where the controller or processor must delete the data of the data subjects if they withdraw their consent, where data is no longer necessary for the purpose it was collected or processed for, or where data was collected unlawfully.
Right to Object/opt-out: When data subjects' data is gathered without their consent, their data is processed for direct marketing purposes, or their data is processed for scientific, historical, or statistical research, they will have the right to object.
Quick Facts about Thailand’s PDPA
The PDPA is Thailand's first data protection legislation.
Under the PDPA, the data controller will have to guarantee the rights of the data subjects.
A violation of the PDPA may result in civil liability, criminal liability, and administrative fines, ranging from a few thousand Thai baht to 5 million Thai baht.
PDPA contains no detailed rules regarding the use of automated processing of individuals’ personal data for decision making.
PDPA does not apply to foreign public authorities, international organizations, and public entities, including those engaged in duties concerning the prevention and suppression of money laundering, forensic sciences, or cybersecurity.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
