A key component of the Thai PDPA is the rights prescribed to data subjects that fall under the law’s personal scope. The incoming law outlines several rights for data subjects including but not limited to, the right to access, the right to erasure, the right to withdraw consent, and the right to data portability. Each of these rights presents its own set of challenges but with the right communication channels, consent management platforms, and data inventories the burden of these tasks can be significantly reduced.
As we have outlined in a previous blog, privacy rights awareness is on the rise amongst consumers on a global scale and as a result, an increase in data subject access requests (‘DSARs’) is on the cards for many organizations. Despite the Thai PDPA being postponed a further 12 months to June 1, 2022, organizations should still be looking to introduce best practices now in order to be prepared in time for the PDPA’s compliance deadline. OneTrust offers many solutions that can help streamline the DSAR process, comply with regulatory requirements, and build consumer trust with simple implementation to get you up and running with plenty of time to spare.
Download the report: Comparing privacy laws: GDPR v. Thai Personal Data Protection Act
Central to the Thai PDPA is its wide range of data subjects’ rights which organizations are responsible for bringing to the attention of individuals. In many ways, the data subject rights under the PDPA resemble those under the GDPR, as such organizations currently operating in the EU will likely have a head start with PDPA compliance. However, for a large number of organizations support will be needed in order to set up an effective data subject rights fulfillment process.
Data subject rights under the PDPA include:
Get started: OneTrust Privacy Rights Management (DSAR)
Organizations becoming obligated to inform data subjects of their rights will ultimately lead to greater awareness and an increase in individuals exercising these rights. In this case, automating the fulfillment of DSARs will help streamline the process as well as save privacy teams valuable time and resources. OneTrust can help with its Targeted Data Discovery™ technology which can quickly identify where data resides throughout your systems and utilize PDPA-specific response workflows to respond to requests, document exceptions, and reduce unnecessary work.
The PDPA also requires companies to maintain accessible channels to communicate consent and initiate data subject rights. Organizations will need to produce a machine-readable format of the data they hold on a data subject and be prepared to erase or delete personal information upon request. OneTrust Consent and Preference Management integrates with consent documentation across data collection points to generate detailed records and produce consent reports in the event of a regulatory inquiry. Furthermore, you are empowered to configure a centralized preference center to reduce opt-outs, while still allowing data subjects to withdraw consent and change their preference settings.
The PDPA may not be effective until 2022 but that shouldn’t mean that your organization waits until the eleventh hour to implement best practices for handling data subject rights requests. OneTrust offers a wide suite of solutions tailored to be PDPA specific that can help to automate and streamline your data subject rights processes now. Request a demo to find out more about how OneTrust can help.