Building PDPA Compliance
Thailand’s Personal Data Protection Act (PDPA) is among the wave of privacy laws coming into effect on a global scale. After years of legislative attempts, Thailand has created the PDPA to govern data protection and allow the people of Thailand to exercise their right to privacy. Taking effect on May 28th, 2019, the PDPA applies to any organization, large or small, processing personal data while supplying goods or services to Thailand residents or operating within the country. Similar to the GDPR and Brazil’s LGPD, the PDPA assures a set of rights, or protections, to data subjects.
Right to be informed; [Section 23]
Right to consent withdrawal; [Section 19]
Right to data portability; [Section 31]
Right to access; [Section 30]
Right to object; [Section 32]
Right to erasure; [Section 33]
Right to restriction; [Section 34]
Right to rectification; and [Section 35]
Right to complaint. [Section 33 & 34]
Establish PDPA Compliance Under Thailand’s Personal Data Protection Act
Maturity & Planning
Data Inventory & Mapping
Data Subject Rights
OneTrust Targeted Data Discovery™
Website & Mobile App Scanning
Consent & Preference Management
Policy & Notice Management
Incident & Breach
Vendor Risk Management
Research & Readiness
Measure your current standing and build a data protection program to adhere to PDPA compliance standards.
Appoint and Empower Your Data Protection Officer (DPO) [Section 42 & 40 (3)]
How OneTrust Helps – OneTrust Data Inventory & Mapping
Assign DPO ownership to activities and maintain secure internal and external communication to fulfill data subject requests. Empower your DPO with access to evergreen information. Categorize, link and track PDPA relevant information. OneTrust Data Mapping & Inventory technology provides an up-to-date, auditable record of processing to review, report, and export necessary information to the proper individuals or regulating authorities.
Stay Up-To-Date with the Latest Changes and Amendments to the PDPA [Section 16 (6)]
How OneTrust Helps – OneTrust DataGuidance
OneTrust DataGuidance provides a central repository for PDPA resources that are indexed and categorized for optimal search functionality. Resources include the PDPA text, summaries, guides, interpretive guidance, and regular update announcements such as the latest additions or clarifications provided by PDPC.
Monitor and Measure Personal Data Risks
How OneTrust Helps – OneTrust Maturity & Planning + Program Benchmarking
OneTrust’s Maturity & Planning and Program Benchmarking tools allow you to assess and score your program’s effectiveness, identify gaps in your compliance efforts, and measure your progress over time. Utilize the research-rich resources platform to review your operations in the context of the latest PDPA and global compliance standards, as well as benchmark your readiness against other companies.
PDPA Privacy Governance Solutions
Optimize Data Collection and Survey Risk Across your Business [Section 39]
How OneTrust Helps – OneTrust Assessment Automation
OneTrust Assessment Automation offers updated, PDPA-specific PIAs to adhere to data minimization and purpose limitations specified in the PDPA and your internal policy. Utilize our Risk Assessments to survey your practices and auto-flag and assign a risk score to responses out of line with the PDPA or your internal policies.
Document and Respond to Breach Incidents [Section 40 part 2, Section 37 part 4]
How OneTrust Helps – OneTrust Incident & Breach Response
Use OneTrust Incident & Breach Response to analyze incidents via a built-in, PDPA Notification assessment template. Respond and implement a treatment plan with customizable workflows to streamline response and notification.
How OneTrust Helps – OneTrust Vendor Risk Management
Document vendors and data flows between your organization to measure PDPA compliance. Implement controls across your value chain, from third-party suppliers, service providers and vendors around the globe. Extend data access and deletion efforts across third-party reach.
How OneTrust Helps – OneTrust Policy & Notice Management
Draft and document your business’s data management policy. The OneTrust Policy & Notice Management tool supports full version control and archiving so you can ensure the most up-to-date policy is displayed as reference to potential data subjects, as well as your entire organization.
PDPA Data Subject Rights & Consent Management
By leveraging OneTrust, organizations support data subject rights from the collection of valid consent to the fulfillment of data subject requests.
Uphold Data Subject Rights
How OneTrust Helps – OneTrust Website & Mobile App Cookie Compliance, OneTrust Consent & Preference Management
Choose from our library of default cookie banners that reflect PDPA-specific messaging. Using geolocation, OneTrust can customize the session experience to display the related cookie banner with appropriate consent models depending on the website visitor’s location. With our website and mobile scanning, organizations can control tracking, personalization, and third-party cookies.
How OneTrust Helps – Consent and Preference Management
Integrate with consent documentation across data collection points to generate detailed records and produce consent reports in the event of regulatory inquiry. Configure a centralized preference center to reduce opt-outs, while still enabling data subjects to withdraw consent and change their preference settings.
Secure communication and processing to fulfill data subject requests – [Chapter 3, Section 30]
How OneTrust Helps – OneTrust Data Subject Rights Management & Targeted Data Discovery
Automate the fulfillment of Data Subject Access Requests (DSAR) at every stage with OneTrust Targeted Data Discovery™. Quickly identify where data resides throughout your systems and utilize PDPA-specific response workflows to respond to requests, document exceptions, and reduce unnecessary work.
Conduct a two-day onsite review of current privacy initiatives and complete a gap analysis against PDPA requirements.
Our team can help scope and advise your team on implementing your PDPA compliance program, create a customized implementation plan and train key members, and execute hands-on proof of concepts for your team.
Evaluate readiness across key PDPA compliance areas, including data subject rights and business obligations, and walk away with a detailed report.