{"id":9563,"date":"2024-09-12T10:00:00","date_gmt":"2024-09-12T03:00:00","guid":{"rendered":"https:\/\/wsrlawgroup.com\/?p=9563"},"modified":"2024-12-09T12:50:59","modified_gmt":"2024-12-09T05:50:59","slug":"what-do-smes-need-to-know-about-thailands-pdpa-regime","status":"publish","type":"post","link":"https:\/\/wsrlawgroup.com\/zh\/what-do-smes-need-to-know-about-thailands-pdpa-regime\/","title":{"rendered":"What do SMEs need to know about Thailand\u2019s PDPA regime?"},"content":{"rendered":"<p><strong>Key takeaways<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Thailand\u2019s PDPA regime was enacted to protect the data of individuals.<\/li>\n\n\n\n<li>Most, if not all, SMEs are required to comply with the laws set out in the PDPA.<\/li>\n\n\n\n<li>Major fines and penalties can be implemented failure to comply with the PDPA.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>Thailand\u2019s approach to data protection<\/strong><\/p>\n\n\n\n<p>Tabled in 2019 before coming into effect in 2021, Thailand\u2019s Personal Data Protection Act, B.E. 2562 (A.D. 2019) (PDPA) is the country&#8217;s answer to the European Union\u2019s General Data Protection Regulation (GDPR).<\/p>\n\n\n\n<p>As data privacy and protection become ever more important to <a href=\"https:\/\/wsrlawgroup.com\/zh\/new-market-entry\/market-entry-packages\/\" target=\"_blank\" rel=\"noopener\" title=\"SMEs\">SMEs<\/a>, it is essential that all businesses, big and small, have a succinct understanding of how the law will impact their operations and how to remain compliant with the regulations.<\/p>\n\n\n\n<p><strong>Overview of the PDPA<\/strong><\/p>\n\n\n\n<p>In this short article, we will try to summarise some of they key elements of the PDPA that SMEs should be aware of.<\/p>\n\n\n\n<p><em>Complying with the PDPA<\/em><\/p>\n\n\n\n<p>With a couple of notable exceptions, the PDPA applies to legal entities that collect, utilise or disclose a natural person\u2019s personal data.<\/p>\n\n\n\n<p>Most, if not all, businesses will be required to abide by the laws of the PDPA.<\/p>\n\n\n\n<p><em>Obligations under the PDPA<\/em><\/p>\n\n\n\n<p>As a controller of personal data, SMEs are required by law not to collect, use or disclose personal data without the express consent of the data subject.<\/p>\n\n\n\n<p>To be able to utilise data from a customer, it is essential that the request for consent is gained in a written statement or via electronic means.<\/p>\n\n\n\n<p><em>Security requirements under the PDPA<\/em><\/p>\n\n\n\n<p>As cyber-attacks, including ransomware attacks, become more commonplace, it is imperative that you ensure the safety of your data.<\/p>\n\n\n\n<p>The PDPA mandates that companies are under the requirement to have suitable security measures in place to protect the personal data of data subjects.<\/p>\n\n\n\n<p><em>Requirements for data breaches<\/em><\/p>\n\n\n\n<p>In the event of a data breach, the company must inform Thailand\u2019s Personal Data Protection Commission (PDPC) within 72 hours of said breach.<\/p>\n\n\n\n<p><em>Penalties for non-compliance with the PDPA<\/em><\/p>\n\n\n\n<p>As government bodies take a more stringent approach to the protection of data, it is essential that companies take the necessary actions to ensure they remain compliant with the PDPA.<\/p>\n\n\n\n<p>A breach of the PDPA can result in a company facing <a href=\"https:\/\/wsrlawgroup.com\/zh\/publications\/thailand-civil-and-commercial-code\/\" target=\"_blank\" rel=\"noopener\" title=\"civil penalties\">civil penalties<\/a> and <a href=\"https:\/\/wsrlawgroup.com\/zh\/legal-services\/criminal-law\/\" target=\"_blank\" rel=\"noopener\" title=\"criminal liability\">criminal liability<\/a>. Failure to adhere to the regulations of the PDPA can result in fines of THB 5m and\/or a jail term of not exceeding one year. However, this depends on the severity of the data breach and the type of violation.<\/p>\n\n\n\n<p><strong>What does this mean for my business?<\/strong><\/p>\n\n\n\n<p>To ensure SMEs can remain compliant with the PDPA, we suggest the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Conduct a thorough analysis of the requirements of the PDPA to ensure constant compliance.<\/li>\n\n\n\n<li>Develop a stringent internal framework for dealing with the requests of data subjects.<\/li>\n\n\n\n<li>Ensure that all employees are aware of their obligations when handling personal data.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<p><strong>How can WSR International help you?<\/strong><\/p>\n\n\n\n<p>As this article was an introduction to some of the very basic principles of the PDPA, we suggest that companies take a more detailed look at the various requirements under the law, as there are numerous elements to be considered.<\/p>\n\n\n\n<p>With business and <a href=\"https:\/\/wsrlawgroup.com\/zh\/team\/\" target=\"_blank\" rel=\"noopener\" title=\"legal experts\">legal experts<\/a> located in both <a href=\"https:\/\/wsrlawgroup.com\/zh\/contact\/\" target=\"_blank\" rel=\"noopener\" title=\"Bangkok\">Bangkok<\/a> and <a href=\"https:\/\/wsrlawgroup.com\/zh\/wsr-expands-with-new-office-in-phuket-thailand\/\" target=\"_blank\" rel=\"noopener\" title=\"Phuket\">Phuket<\/a>, WSR International are perfectly situated to assist you to get to grips with the PDPA.<\/p>\n\n\n\n<p>If you would like to discuss the contents of this article in further detail, please do not hesitate to reach out to the business and legal experts at <a href=\"https:\/\/wsrlawgroup.com\/zh\/contact\/\">WSR International<\/a>.<\/p>\n\n\n\n<p>\ud835\uddd6\ud835\uddfc\ud835\uddfb\ud835\ude01\ud835\uddee\ud835\uddf0\ud835\ude01\u00a0\ud835\ude02\ud835\ude00:<br>WSR International Co., Ltd.<br>Chartered Square Unit 16-05, 152 North Sathorn, Khwaeng Silom, Khet Bang Rak, Bangkok 10500 VAT Registration no: 0905565001881<br>Phone: +66 92 616 4423<br>Email:\u00a0<a href=\"mailto:info@wsrlawgroup.com\">info@wsrlawgroup.com<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Key takeaways Thailand\u2019s approach to data protection Tabled in 2019 before coming into effect in 2021, Thailand\u2019s Personal Data Protection Act, B.E. 2562 (A.D. 2019) (PDPA) is the country&#8217;s answer to the European Union\u2019s General Data Protection Regulation (GDPR). As data privacy and protection become ever more important to SMEs, it is essential that all [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":9564,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-9563","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business-law"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/posts\/9563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/comments?post=9563"}],"version-history":[{"count":0,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/posts\/9563\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/media\/9564"}],"wp:attachment":[{"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/media?parent=9563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/categories?post=9563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wsrlawgroup.com\/zh\/wp-json\/wp\/v2\/tags?post=9563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}