Companies have been given a 180-day grace period to prepare for the PDPA’s enforcement and become completely compliant, according to the latest statements.
The third notification establishes the minimal standards for securing personal data in accordance with the Digital Economy and Society Ministry’s safety measures.
Furthermore, to guarantee that these procedures are implemented, the minimum safety criteria have been established in such a manner that they would not impose a significant financial burden on businesses.
Prior to the implementation of these new announcements, the PDPA imposed severe penalties for individuals who violated it.
The complete PDPA law went into force on June 1st, but these new announcements took effect on June 21st, 2022. Four additional announcements are also expected to be made before the end of June. There is presently no information on what these further announcements are about.