The matter of PDPA or Personal Data Protection Act (Personal Protection Act) that many businesses have been aware of and prepared since 2019, which has been announced in the Government Gazette from 27 May 2019, which is almost the third year after the announcement. Use and on June 1, 2022 to come will be formally enforced.
The thumbsup will summarize what marketers and brands should know. From the information of Mr. Thienchai Na Nakorn, Chairman of the Board Personal Data Protection Committee It provides clear information and helps brands and marketers plan more comprehensively.
The privacy laws that will be enforced this time will cover information about an individual that makes them personally identifiable. Either directly or indirectly can be of any form, whether it is paper, text, images or sounds. It covers from first name, last name, ID card number. Phone number, address, e-mail
The law also protects sensitive personal data such as race, ethnicity, political opinion, belief, creed, religion, sexual behavior. criminal record health information Genetic data Biometrics Cookies ID EMEI or Device ID that can connect to the server to identify the device without revealing the user’s name – last name at all.
In this regard, the agency has continued to educate and raise awareness about the rights of personal data subjects to the public. as well as encouraging public and private organizations aware of the need to comply with this law
what business owners Brands or marketers should remember and know how to prepare clearly. Collection, use or disclosure of any personal information Permission must be obtained from the owner of the personal data or as provided for in this law. There must be a mention of the purpose for which the information will be used. including using it for the stated purpose It also attaches importance to with the right to “personal data subject” who can request to change, amend, request a copy, request for deletion, if it is not contrary to any principles or laws and the organization that has obtained personal data must have measures and standards for managing this information properly and securely
On the part of the reason that Thailand needs the Personal Data Protection Act This is because the protection of personal data is an international principle that many countries attach importance to, especially the key trading partners of Thailand who have adopted the personal data protection principle as a law to protect people in their own country.
“Starting from the European Union, there is a law called General Data Protection Regulation or GDPR that has been in effect since 2018, causing many countries to have similar laws, such as Singapore, Malaysia, Indonesia, Philippines, Japan, South Korea, Taiwan, Hong Kong and China. At the same time, Thailand has had data breaches. more personal and various organizations They are not aware of the security of information collected from their citizens or customers. causing the information to be leaked out to those who do not wish to be ill-informed by the owner of the personal data.”
Organizations should focus on data collection.
organization thing Brands and marketers need to be prepared to store that information. is to know that What must be stored must not violate the matter.
- Security of personal data (Privacy Policies)
- Obtaining consent from data subjects before collecting, using or disclosing (Consent Management)
- Personal Data Risk Assessment
In this regard, the effective and efficient management of personal data depends on
- Supervision of directors and executives and participation of individuals in the organization
- Designing processes that include measures to protect personal data
- The introduction of technology to assist in the monitoring of operations. policy violation and measures set This includes analyzing, investigating, finding and responding to external threats.
The existence of PDPA laws, in addition to helping to protect the personal information of the data subjects. It also requires organizations that collect personal data to review the necessity of their collection. Process and use information as needed
And organizations should pay attention to how personal data is obtained. how to keep and how to use To reduce the cost of administering, storing, processing and using, as well as giving rights to data subjects and data security. This will enable organizations to use personal data more efficiently in the long run.
Penalties of PDPA
One thing that many The concern with this law is the matter of penalties. whether there are too many penalties, whether
- Criminal penalties with a maximum sentence of 1 year in prison
- Administrative penalties with a fine of up to 5 million baht
- Civil penalties pay compensation not more than 2 times the actual compensation.
Even if there is no such sanction in foreign countries From the fact that many ASEAN countries have criminal penalties as well. The administrative penalty The committee is drafting to impose penalties from light to heavy in order not to create too much panic among organizations
But the key thing that business owners should pay attention to is that they can start planning and taking serious action on PDPA. Because if the law is announced and then take action, it may cause problems or cause work to be interrupted and time consuming.
Additional information
