What is PDPA?
The Personal Data Protection Act was published on the 27th of May 2019 and will come into force on the 28th of May 2020.
Thailand's PDPA aims to control the collection, use, and disclosure of any personal data that could identify a person directly or indirectly. PDPA is designed specifically to protect data owners from unlawful acts involving their personal data. This Act applies to most organizations doing business in Thailand, whether onshore or offshore. Foreign entities that offer goods and services or monitor consumer behavior in Thailand are all subject to PDPA.
What does it mean for your business and your company websites?
PDPA is about to change the way businesses and data controllers interact with their audiences or, in other words, data owners. Whether you are an insurance company, a financial institution, a consulting firm or an e-commerce business, if your website is used to store personal data such as payment details, it is important that you pay attention to the rules and regulations of the PDPA.
What do you need to do?
Here are easy ways that businesses can bring their websites into compliance with the rules and stay ahead of the game:
- All websites must ask for complete consent from each user for the collection of data and must state clearly if any data is being passed to a third party
- All websites must state and explain the purpose of the collection of any personal data
- All companies must make sure that data is protected and is not used for any other purpose
- It is important that your company websites are clear and straightforward and use simple language to avoid any misunderstandings
- You must keep track of all the storage of personal data on your website
- Security is key! Ensure that your website is fully secured. Poorly protected websites are often at risk of cyber threats
- PDPA requires all online organizations to hire a professional data controller to monitor their collection, use, and disclosure of any personal data.
What happens if you don’t comply?
A lack of data protection may lead to data breaches, which could be very costly for any organization. On top of that, failure to comply with the PDPA is subject to both civil and criminal penalties; therefore, it is crucial for all organizations to make the first move.
Setting up a new website or managing a current website to comply with the law can be challenging and overwhelming for a number of organizations.