Belaws Thailand
  • thailand
  • legal
    • Legal
      • All Legal services
      • Urgent. Same day advice
      • Immediate legal consultation
      • Document Review
    • Our expertise
      • Employment Law
      • Merger & Acquisitions
      • Restructuring & Insolvency
      • Banking & Finance
      • Real Estate
      • Startups Services
      • Blockchain Expertise
      • Energy, Mining & Infrastructure
      • Intellectual Property
      • Tax Expertise
      • Telecommunication, Media & Technology
      • Commercial Transactions
      • Family Law
      • Download your free copy of our guide, 'Starting a Business in Thailand for Foreigners,' featuring essential insights for successfully establishing a business in Thailand.
  • incorporation
    • Incorporation
      • All Incorporation services
      • Business feasibility check
      • Market research
      • Entry strategy
    • Companies type
      • BOI Company
      • Limited company
      • Branch Office
      • Representative Office
      • U.S Treaty of Amity company
      • Startups Services
    • Business Licenses
      • Foreign Business License
      • E-commerce License
      • Factory License
      • Important License
      • Restaurant License
      • See all Licences
  • Accounting & secretary
    • accounting & secretary
      • All Accounting & Secretary services
      • Urgent. Same day advice
      • Immediate consultation
      • Document review
    • corporate
      • Draft minutes
      • Changing directors
      • Share transfer
      • Registered address change
      • Capital increase
      • Meetings AGM
      • Meetings (EGM)
      • Closing a company
    • Legalisation
      • Notarisation and legalisation
      • Translation document
    • accounting
      • Bookkeeping & tax filings
      • Annual audit
      • Payroll
      • Payroll outsourcing
      • Tax
      • VAT Registration
      • Corporate Income Tax
      • Personal income tax
  • Corporate
    • accounting & secretary
      • All Accounting & Secretary services
      • Urgent. Same day advice
      • Immediate consultation
      • Document review
    • corporate
      • Draft minutes
      • Changing directors
      • Share transfer
      • Registered address change
      • Capital increase
      • Meetings (AGM)
      • Meetings (EGM)
      • Close a company
      • Translation document
      • Notarisation & Translations
      • Notarisation & Legalisation
      • Translation documents
    • accounting
      • Bookkeeping & tax filings
      • Annual audit
      • Payroll
      • Payroll outsourcing
      • Tax
      • VAT Registration
      • Corporate Income Tax
      • Personal Income Tax
  • visas
    • visas
      • All Visas services
      • Urgent. Same day advice
      • Document review
      • Immediate Visa consultation
    • live in thailand
      • Thailand LTR Visa
      • Thailand Elite Visa
      • Retirement Visa
      • Marriage visa
      • Change your visa type
      • See all visa options
    • work in thailand
      • PEO services
      • Non immigrant B Visa
      • Work Permit
      • BOI Visa & Work Permit
      • Change your visa type
  • BLOG
  • CONTACT
    • fr_FRFrançais
    • en_USEnglish
  • Menu Menu
  • INCORPORATION
  • LEGAL
  • ACCOUNTING & SECRETARY
  • VISAS
  • Blog
  • IMMEDIATE CONSULTATION
  •  
  • en_USEnglish
  • fr_FRFrançais
Belaws Home ›› Thailand ›› Blog ›› Are you PDPA compliant?

corporate – legal

Are you PDPA compliant?

18/04/2022

Thailand’s Personal Data Protection Act or PDPA will come into full effect on June 1st 2022. This is less than 2 months away, so please ensure that your organization is ready and fully compliant with the PDPA before this date.

On May 5th 2021, the Thai Cabinet delayed the enforcement of the PDPA for one year (to June 1st 2022) in order to reduce the impact the PDPA would have on all relevant individuals, Government agencies and businesses of all sizes during the COVID-19 pandemic.

Are you PDPA compliant?

The Government felt that the rules, procedures and conditions that companies must adhere to under the PDPA are very detailed and complex. It also requires advanced technology in order to effectively protect personal data. The enforcement of the Act would create an extra burden for companies who may already be suffering due to the pandemic.

Currently, there are no signs for any further delays in bringing the PDPA into effect. Therefore, companies and individuals must be ready to comply with the PDPA before June 1st, 2022.

Who is protected under Thai PDPA?

The PDPA is extraterritorial scope. This means that even though your company has not been registered as a business in Thailand or does not have an office in Thailand, the PDPA may still apply to you.

The PDPA will be applied to any collection, use or disclosure of personal data obtained by a data controller or data processor within Thailand. However, when a data controller or data processor is located outside of Thailand, the PDPA will still apply if the data subject whose data is collected, used or disclosed is located in Thailand.

How do I become PDPA compliant?

In order to ensure full compliance with the PDPA, it is important to consider the following points.

Review the data collection and the data protection levels in your company

You may need to undertake data mapping to see what data you have about customers, users, employees and others.

Important areas to consider are:

  • What type of information is collected?
  • What is the purpose of the personal data collection, usage and disclosure?
  • Who is the data collected from? users; clients; suppliers; business contacts or other people;
  • Does your company have Internal Policies regarding data breach practice, privacy framework/policy?;
  • Do you ask / seek any consent from the data subject?
  • Where do you store the data? How is it protected?
  • Who do you share it with? Any contract in place?

Improve your consent forms, privacy policy and internal measures to comply with the PDPA

The data controller and data processor need to ensure full compliance with the PDPA and provide appropriate security measures to prevent unauthorized access to personal data.

Make sure you have appropriate records for the PDPA regulator

When the PDPA is fully enforced, a data controller and a data processor will need to maintain records in order to enable the data subject and the Office of the Personal Data Protection Committee to check upon.

Train your employees

You must ensure that all employees are fully trained and familiar with the PDPA to ensure compliance. Therefore, it is highly recommended to share any information relating to your internal policies, the details of the PDPA and penalties for breaching it, throughout your organization.

How do I become PDPA compliant?

Belaws has a team of experienced lawyers and experts in place to provide the following services to you in order to ensure full compliance with the PDPA.

Scope of Services Our fee
(a) Drafting or reviewing these following items:

1) PDPA consent (general and direct marketing consent)

2) Privacy Policy or Personal Data Collection Statement and purpose limitation in English or Thai (One language only – translation can be provided with an additional fee).

This also includes analyzing your customer journey flow to ensure that it complies with the PDPA.

Method: Our PDPA expert will prepare a questionnaire for you or your team to complete in order to be able to understand what type of information you collect, your purpose for collection and provide detailed recommendations to address findings and reflect this into your privacy policy for customers/users.

Timeframe: 2 weeks

From 30,000 THB (for your customers or users)

*This includes online interactions and meetings with your team (maximum 1 hour), if necessary.

(b) Reviewing your Terms and Conditions (T&C) to mitigate foreseeable risks (e.g. age of users/customers for validity of data privacy consent and disputes that may occur from your features in relation to PDPA or other law)

Timeframe: 2 weeks

From 20,000 THB
(c) Preliminary analysis of  your internal procedures to see if it complies with the PDPA.

Background: When you receive personal data from users or customers, it does not mean that you can keep their data forever. You need to provide the method to withdraw consent, specify a ‘retention policy’ which provides a ‘retention period’ and appoint a Data Protection Officer. Also, our PDPA expert needs to make sure that your practice on data collection, transfer and destruction complies with your internal policy.

Our PDPA expert can provide you with recommendations on the above mentioned issues and inform you of how long you can keep the personal data of users, customers and employees.

This shall include an appropriate record, consent and withdrawal and data breach management guidelines.

In summary, this item (c) shall include preliminary analysis on:

– retention policy/period

– DPO

– practice on data collection, transfer and destruction

– record of data for a regulator

– consent and withdrawal

– data breach management guidelines

Timeframe: 3-4 weeks

From 50,000 – 70,000 THB for preliminary analysis

(Varies by the complexity of the organization)

*This includes online interaction  and  meetings with  your team (maximum 3 hours) to identify problems and fact findings.

(d) Drafting or Reviewing a Privacy Policy for employees and candidates, includes proper consent and provides contractual clauses to be added to any employment agreements in English or Thai (One language only, translation can be provided with an additional fee).

Since some employees can access the personal data of users and other employees (e.g. HR and customer service representatives), controls must be put in place to ensure that the personal data of users and employees is securely stored and distributed only to authorized parties.

Since the PDPA also covers data relating to your employees and candidates, you will need a Privacy Policy for employees/candidates and contractual terms to reduce potential risk of non-compliance under the PDPA.

Timeframe: 2 weeks

From 27,000 THB
(e) Training or workshops for undertstanding the PDPA Fundamental Points – 3 hours maximum, includes Q&A session (in English or Thai)

You should share information about PDPA law within your organisation, especially to the relevant people who have access to personal data (e.g., IT, customer service, HR).

From 20,000 THB (Online) and

From 25,000 THB (Onsite)

No maximum participants

*However, if you would like to proceed with items (a) – (d), our PDPA expert is willing to provide one complimentary PDPA training session or workshop at no cost (English or Thai session).

(f) Full PDPA Compliance Gap Analysis Report

The report shall include gaps and advice on:

– Third party management (IT vendor who can access to personal data)

– Management of Data Subject’s rights

– Data Processing Agreement Template between Data Controller and Data Processor

– Retention limitation

– Web cookies policy

– Data transfer and storage outside Thailand

– Age of users/customers for validity of data privacy consent and other important issues under PDPA

– Do/Do not’s for employees

Our PDPA expert can discuss and finalize topics with you before proceeding.

Timeframe: 4 weeks

For full ‘ PDPA gap analysis report’ , the additional fee ranges from 80,000 – 150,000 THB (varies by the complexity of the organization and scope of work or topics)
(g) Audit of the IT System organizations Data destruction process.

Time frame: 1 week

From 80,000 THB
(h) Preliminary discussion or direct consultation (online meeting). From 5,000 THB per hour

Our PDPA expert recommends you consider items (a), (b), (c) and (d) to ensure full readiness and compliance with the PDPA. If you have a limited budget, you can consider items (a) and (d) first. Our PDPA expert can help you handle everything so you do not have to start from scratch.

It is better to consult with experts rather than trying to tackle the PDPA on your own to save time. The PDPAs effective date is just around the corner and full and complete compliance is essential.

For any breaches of the PDPA, there is not only administrative, civil and criminal liability to consider, but also reputational damage. Failure to comply with the PDPA may mean that clients and partners may not want to work with your company in the future.

If you need more information about the PDPA and how to ensure full compliance, you can book a consultation with one of our PDPA experts.

Please note that this article is for information purposes only and does not constitute legal advice.

Immediate consultation
Book now

Up to 1 hour to answer your questions related to trademarks, copyright, patents, website terms and conditions, privacy law, PDPA and general issues related to digital laws in Thailand.

If some research is necessary to answer to your questions, our expert will check and revert to you with complementary elements by email.

This consultation is only for new cases. The service is provided by an expert lawyer fluent in English.

USD 150

Up to 1 Hour

Online payment (Paypal or Credit card)

Legal consultation can be conducted in English, French or Thai

Legal consultations are handled by Legal experts.

Subscribe today

Subscribe today

To our newsletter for all the latest legal news
in South East Asia, Belaws updates and
special promotions on our services.

To our newsletter today for all the latest legal news in South East Asia,
Belaws updates and special promotions on our services.

+66 (0) 63 695 5945

We are open:
Monday – Friday
9 am – 6 pm (UTC+7)

Email us

SERVICES

Legal

Incorporation

Accounting & Secretary

Visas

Immediate ConsultationNew

COMPANY

About

Careers

Press & Media

Terms of Services

Privacy Policy

Sitemap

Resources

Belaws Thailand Blog

Facebook Thai Visa Belaws

Ebook on Condo purchase

Ebook Employment Law

Our Offices

Thailand

Singapore

Hong Kong

Cambodia

Vietnam

Belaws 2017 - 2025.
Belaws provides information and software only. Belaws is not a "lawyer referral service" and does not provide legal service or participate in any legal representation.
Belaws is not a law firm or a substitute for an attorney or a law firm. The use of Belaws is subject to our Terms of Use.

Why should entrepreneurs set up a holding company in Singapore? Why should entrepreneurs set up a holding company in Singapore? 5 reasons why Thailand is a great place to start a company 5 reasons why Thailand is a great place to start a company
Scroll to top