PDPA cover

Personal Data Protection Act (PDPA)

เทรนด์
Workplace
People
Innovation

Get Ready for Personal Data Protection Act B.E. 2562

It is undeniable that communication, online and offline, plays a very big part in our lives these days.  Especially, in this digital era, technology drives our ways of communication. In business, companies use lots of information technology and data as well in order to operate, trade and provide services to their customers. Data is one of the key elements to build effective business strategies, sales and marketing plans. We all know that IT systems are recording our data all the time across multiple platforms. The question is.. Do we know if our data are kept safe?

 

 

pdpa

 

 

Data being used in business whether it is a name, last name, address, telephone number, email or any information that can identify the data subject, are all considered as a “personal data” which is protected under the Personal Data Protection Act B.E. 2562 (PDPA). According to this act, the “data subject” has legal right to access, right to data portability, right to object, right to forgotten, right to rectification, and right to restrict processing. Thus, before using any personal data for any purposes, an entity (as “data processor”) needs to ask for consent and provide a privacy notice to the data subject. Using personal data without consent or misuse of the data may put you on the spot. Therefore, PDPA comes in place to help protect personal rights and enforce measures for data security.

 

 

pdpa2

 

 

Apart from using personal data for the business, a company is also responsible for security of their employees’ personal data; either to collect, use, or disclose internally and externally. 

Are you ready for the Personal Data Protection Act B.E. 2562 taking effect soon?

pdpa3

 

Every company and organization as data controllers must carefully consider adapting their  operations to follow the measures of the act. From providing a data privacy policy, objectives to the needs of collect, use, and disclose of data, to publish data subject rights and ensure that all these information go to the data subjects. In addition, companies need to put in place security measures for personal data and communicate to their employees and third-party providers to be aware of PDPA and strictly comply to lawful practices.

Keeping personal data secured is not a responsibility of oneself, but it is the role of everyone in an organization. Not only to manage to keep the data safe but also to systematically operate to comply to this law internally and externally.

Share this