This Act aims to efficiently protect people's personal data, such as phone number, Line ID, email, address, or bank account, whether in paper or digital form.
In the past, many businesses have collected a large amount of customer information for marketing purposes. But after the PDPA is enacted, private businesses and SMEs will no longer be able to keep customer data for a long period of time.
On 24 June 2021, True Digital Park organized an online discussion called TDPK TALK: Global Tech Review “Preparing and implementing PDPA compliance policies in Thai companies”, powered by Tilleke & Gibbins, in which legal experts from Tilleke & Gibbins and True Digital Group discussed ways for Thai entrepreneurs to prepare for PDPA.
Data management process
1. Designate a data protection officer (DPO)
2. Set up a Record of Processing Data (ROPA) to help organizations learn how personal data is processed. This will allow privacy notices to be written appropriately.
3. Provide other documents
4. Set up security measures
5. Carry out other tasks such as a DPIA (Data Protection Impact Assessment)
Who has to comply with the PDPA policies?
Every business that collects, uses, or discloses personal data needs to follow the PDPA.
In conclusion, the business sector should not collect more than what is needed and should use the data according to the purpose notified to the data subject prior to or at the time of such collection, to avoid problems that might occur in the future.