Thailand’s drive to offer extra complete on-line security for people begins Wednesday with enforcement of the Personal Data Protection Act (PDPA).
Major companies welcomed the enforcement because it was pushed again twice due to the Covid-19 pandemic.
Q: What does Thailand’s first legislation governing data safety entail?
The PDPA is Thailand’s first legislation created to control data safety. It units forth necessities for data controllers and data processors, together with each private and non-private entities, on the way to obtain consent from data topics earlier than processing, accumulating or disclosing private data.
Data topics even have the precise to request entry to their private data and demand for such data to be erased. They even have the precise to object to the gathering, utilization or disclosure of their private data.
The act, which has seven chapters and 96 sections, was printed within the Royal Gazette on May 27, 2019, with a one-year grace interval permitting stakeholders to regulate.
Data safety officers (DPO) have to be appointed for presidency our bodies and companies with large-scale data processing. A DPO is chargeable for serving to the organisation be certain that topics’ private data is processed in compliance with the PDPA necessities and serves as a contact level for PDPA points with the authorities and data topics.
Q: What is thought-about private data?
The definition of private data, as outlined within the Royal Gazette, is translated as “any data referring to an individual that permits that individual to be recognized, whether or not immediately or not directly. This doesn’t prolong to data associated to deceased individuals specifically.”
The PDPA is meant to forestall and thwart the misuse of private data. The act is among the many 12 digital-related legal guidelines the Thai authorities launched as a part of its digital financial system transformation roadmap.
Digital Economy and Society Minister Chaiwut Thanakamanusorn mentioned the new legislation would play a vital function in supporting a digital-driven financial system. The authorities initiatives digital-related enterprise to generate 30% of GDP in 5 years.
Q: What are the penalties for breaching Thailand’s PDPA?
The Royal Gazette outlines three varieties of liabilities: prison, civil and administrative. The penalties are topic to the extent and varieties of violations, starting from a couple of thousand baht to 5 million (RM637,787).
Phongphan Polyiem, a lecturer and lawyer who specialises in human assets and Thai labour legislation, supplied a couple of examples throughout a seminar on the PDPA that would end in fines of as much as 500,000 baht (RM63,778) and/or imprisonment for as much as six months.
He mentioned taking somebody’s picture immediately off Google to edit and/or add messages, whether or not it is supporting or criticising the individual, is thought-about a violation of the PDPA. Posting about somebody’s sickness and well being data on social media platforms or issuing a discover to a selected worker via a mass Line group chat with different workers in it are additionally examples of violations.
The prison penalties embrace fines of as much as a million baht (RM127,561) and/or imprisonment for as much as one 12 months, whereas non-compliance with administrative guidelines may end in fines of as much as 5 million baht and punitive damages as much as twice the quantity of the particular damages.
Q: Is Thailand able to implement the PDPA?
According to a PDPA readiness survey by the Thai Board of Trade and the University of the Thai Chamber of Commerce, solely 8% of just about 4,000 companies interviewed mentioned they’ve taken measures to be absolutely compliant with the legislation, whereas 31% indicated they haven’t even began the method of compliance.
Somchai Lertsutiwong, chief govt of Advanced Info Service, the nation’s largest cellular operator by subscriber base, mentioned the corporate has been learning, creating and enhancing instruments and processes to make sure compliance for the reason that PDPA was printed in 2019. He mentioned the corporate is now absolutely prepared for the laws’s enforcement.
Stephen James Helwig, interim chief company affairs officer for Total Access Communications (DTAC), the nation’s third-biggest cellular operator, mentioned the corporate carried out its privateness coverage and readiness initiatives for the reason that General Data Protection Regulation got here into impact in Europe in 2018. This means DTAC collects, shops and manages customers’ private data in compliance with the PDPA, whereas its coverage particulars the alternatives shoppers have to watch and handle their private data.
“The enforcement of the PDPA on June 1 marks a milestone for privateness safety and data safety for purchasers in Thailand,” Mr Helwig mentioned.
As for worldwide companies, Alibaba Cloud, the cloud computing service arm of Chinese e-commerce big Alibaba Group, lately launched its first data centre in Thailand final month with 1.06 billion baht in registered capital.
Tyler Qiu, Thailand nation supervisor for the agency, mentioned the data centre secured ISO 27001 and ISO 20000 certificates. It is compliant with Thailand’s PDPA rules and the monetary regulatory tips issued by the Bank of Thailand.
However Pranontha Titavunno, a board director of the Federation of Thai Industries, mentioned nearly all of small companies which have suffered from the influence of the pandemic over the previous two years are nonetheless unprepared for PDPA compliance.
Q: What is the federal government’s place on enforcement?
The authorities mentioned the enforcement of penalties could be relaxed within the first 12 months of implementation if violators didn’t intend to commit a wrongdoing, because it is a transitional interval when the event of understanding concerning the legislation and mediation for disputes would nonetheless be required.
Paiboon Amornpinyokiat, a member of the Personal Data Protection Committee authorized subcommittee, mentioned within the first 12 months of the PDPA’s implementation, the authorities will focus solely on issuing warnings to violators and urging them to adjust to the rules.
The core job within the first 12 months is to guard individuals’s rights to data safety, whereas ramping up efforts to spice up understanding of the legislation amongst associated events, he mentioned.
“The authorities desires the legislation to assist the digital financial system — it is not meant to hunt cash from fines for the state,” Mr Paiboon mentioned.
He mentioned a subordinate regulation could be issued to spare small and medium-sized enterprises from being obliged to adjust to the PDPA’s practices on the recording of processing actions. – Bangkok Post, Thailand/Tribune News Service
