A unified platform for PDPA Thailand compliance and governance
Our Privacy and Data Governance Cloud supports your compliance journey with relevant regulatory research, automation of data subject rights request fulfillment, and by streamlining data collection and incident response.
Stay up to date on the latest amendments with a centralized repository of full PDPA text, summaries, and regulatory guidance. Leverage maturity and benchmarking tools to assess your program’s effectiveness and identify gaps in data security or data protection policies.
Uphold data subject rights by choosing from a library of customizable cookie banners that reflect PDPA-specific messaging and utilize geolocation to display the appropriate consent models depending on the website visitor’s location. Scan your website and mobile apps for cookies and document verifiable consent across data collection points.
Automate the fulfillment of data subject requests with targeted data discovery and quickly identify where data resides throughout your systems. Respond to requests quickly by using PDPA response workflows.
Leverage privacy impact assessments (PIAs) to adhere to data minimization and purpose limitations, track key attributes and automatically assign risk scores. Collaborate with your DPO and share results.
Use incident management plan templates to minimize risk should a breach occur. Analyze events with data breach notification templates and utilize workflows to meet the 72-hour notification requirement.
Understanding the EU Data Boundary
Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.
We’re here to support you in achieving and maintaining Thailand PDPA compliance. In the meantime, explore answers to frequently asked questions.
Thailand Personal Data Protection Act (PDPA) regulates data collection and data processing activities. It is based on the EU’s General Data Protection Regulation (GDPR) and shares similar provisions related to legal bases for personal data collection and processing, data subject rights, and scope. It was passed in 2019 and went into effect on May 27, 2021.
The law applies to data controllers and processors who operate in Thailand. It also covers anyone outside of the country that sells, offer services, or monitors the behavior of Thai residents.
The PDPA requires companies to respect the rights of data subjects and fulfill rights requests. These rights are like those found in the GDPR and include the right to be informed, access to their information, the right to opt-out, and data portability. Companies must limit their data collection to their original lawful purpose, ensure the data is accurate and complete, obtain verifiable consent with the data subject before cross-border data transfer, and notify individuals of data breaches within 72 hours if their personal data was exposed. They must also employ a representative in Thailand if they monitor individuals in the country.
The Privacy and Data Governance Cloud streamlines your compliance with automated data discovery and record keeping, pre-built workflows and templates, and privacy impact assessments (PIAs). You can even leverage a knowledge base built by privacy and legal experts to stay updated with the latest regulatory changes and accelerate your trust transformation journey.
Ready to get started?
Request a free demo today to see how OneTrust can guide your trust transformation journey.
Our privacy center makes it easy to see how
we collect and use your information.
When we collect your personal information, we always inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.