Compliance with Thailand’s Personal Data Protection Act (‘PDPA’) has been on the horizon for many organizations since it was published in the Thai Government Gazette on May 27, 2019. After the original PDPA compliance deadline of May 27, 2020 was postponed to May 31, 2021 due to the Coronavirus pandemic, the deadline for compliance had firmly in the spotlight for businesses that fall under the PDPA’s scope. However, on May 5, 2021, the Ministry of Digital Economy and Society announced that the Cabinet of Thailand had approved a draft decree that would postpone the enforcement of the PDPA for a second time, citing the impact of the Coronavirus pandemic on the country’s society and economy as the driving force for the postponement. The new deadline of June 1, 2022 means that organizations that have operations in Thailand have a further 12 months to prepare their PDPA compliant privacy programs.

 

Keep up-to-date with developments regarding the second postponement of the PDPA with OneTrust DataGuidance 

 

In many ways, the PDPA reflects the EU General Data Protection Regulation (GDPR)with similar provisions in relation to the legal bases for processing personal data and extraterritorial scope. These similarities make organizational readiness slightly less of a headache for companies that have already created GDPR compliance programs. However, there are many differences that still apply to businesses regardless of their previous compliance effortsMaking PDPA readiness a top priority to all applicable organizations.  

Are Companies in Thailand Ready? And What Can You Do to Prepare for the PDPA Compliance Deadline? 

According to PWC Thailand’s PDPA Survey 2020only 5% of respondents have finalized their preparedness for the PDPA’s compliance deadline while 34% have not started their preparations. Furthermore, 75% of respondents state that they are fully aware of the PDPA’s requirements. It is safe to say that, while awareness of the PDPA is high, there is still a long way to go for many organizations to be ready for the June 1, 2022 deadline. So, what can organizations do to begin, or enhance their readiness for the PDPA? 

Beyond the considerations listed above, organizations with operations in Thailand should also be aware of data breach reporting and documentation, upholding data subject rights and fulfilling data subject access requests, and control over third-party access to data.  

 

Register for the webinar: Thailand PDPA: What You Need to Know on May 11 at 9:00 am BST 

How OneTrust Helps Organizations Achieve PDPA Readiness

OneTrust is the most widely used solution for privacy and security compliance and has helped over 8000 customers with compliance programs from the GDPR, to the LGPD, and the CCPA. OneTrust offers its Data Mapping tool that helps build the foundation of an organizations compliance programOneTrust Data Mapping leverages flexible intake methods to populate data inventoriesautomates risk identification and mitigation, and generates reports, empowering organizations to build and maintain ongoing compliance with the PDPA. 

Demonstrate accountability and readiness and prioritize PDPA compliance requirements with OneTrust Maturity & BenchmarkingThrough built-in readiness assessments, organizations can evaluate their readiness for compliance with the PDPA as well as properly inform ongoing planning and maintenance of their privacy program as a result 

All of OneTrust’s compliance solutions are underpinned with regulatory knowledge from OneTrust DataGuidance, an in-depth and up-to-date privacy and security regulatory research platform powered by more than two decades of global privacy law researchOneTrust DataGuidance offers resources for understanding obligations under the PDPA such as Insight articles provided by local experts, reports – including the Comparing Privacy Laws: GDPR v. PDPA report – and daily news updates to assist organizations with understanding the latest additions or clarifications provided by the PDPC.  

The recent postponement of the PDPA has eased the pressure on many organizations seeking to make sure their data protection programs are compliant with the PDPA. However, many organizations will benefit from leveraging the right tools and solutions to get their PDPA compliant privacy program up to speed in time for the June 1, 2022 deadline. Request a demo to find out how OneTrust can help your organization in its readiness for the PDPA. 

Further reading on the Thailand Personal Data Protection Act: 

Next steps on readiness for the PDPA compliance deadline:  

Follow OneTrust on LinkedInTwitter, or YouTube for the latest on the Thailand Personal Data Protection Act.