COVID-19
LawPlus: PDPA Compliance Preparation – What Businesses Can and Should Do to Be Prepared for Compliance with the Personal Data Protection
This note discusses some of basic steps which businesses/companies should take to be prepared for compliance with the Personal Data Protection Act B.E. 2562 (“PDPA”) of Thailand. The PDPA implementation will start from its full effective date of 27th May 2020. This note does not constitute a legal advice and it is not supposed to be exhaustive or complete.
The PDPA governs the collection, use and disclosure of personal data of natural persons (data subjects) by businesses/companies (data controllers and data processors). The data subjects can be employees, customers and suppliers of companies and the members of the general public.
Each business must comply with the PDPA, otherwise the business itself and/or its directors and/or its managers can be liable to a civil liability (a compensation for actual damages suffered by the data subject from the offence committed by the business plus punitive damages up to two times of the actual damages) and/or an administrative liability (a fine not exceeding THB5 million per offence) and/or a criminal liability (imprisonment for a term not exceeding one year and/or a fine not exceeding THB1 million per offence). What businesses can do to be prepared for compliance with the PDPA are discussed below.
Contact:
- Kowit Somwaiya,Managing Partner
Email: kowit.somwaiya(@)lawplusltd.com
- Oramart Aurore Saardphak, Associate
Email: oramart.saardphak@lawplusltd.com
LawPlus Ltd. Unit 1401, 14th Fl., Abdulrahim Place, 990 Rama IV Road, Bangkok 10500, Thailand
Tel. +66 (0)2 636 0662 Fax. +66 (0)2 636 0663
www.lawplusltd.com
