PDPA updates: What is the PDPA in Thailand?
The PDPA is a statute that prohibits the unauthorized disclosure of a data subject’s personal information. The PDPA will apply to any collection, use, or disclosure of personal data collected within Thailand by a data controller or data processor. When a data controller or data processor is based outside of Thailand, however, the PDPA still applies if the data subject whose data is collected, used, or disclosed is located in Thailand.
What are the four declarations of the PDPA updates?
1. Relaxation of the Data Protection Officer's data record requirements for small-to-medium-sized organizations (SMEs)
SMEs and community companies are no longer required to log data controllers’ working records.
The exception applies to the organizations listed below:
|➤ SMEs and factories that employ no more than 200 people and earn no more than 500 million baht per year, or a retail shop or corporation that employs no more than 100 people and earns no more than 300 million baht per year|
|➤ Community businesses|
|➤ Enterprises that benefit society|
|➤ Foundations, associations, religious organizations, and non-governmental organizations (NGOs)|
|➤ Family firms or similar enterprises|