Thailand’s Personal Data Protection Act.
The extraterritorial scope of the PDPA represents a major expansion of Thailand's data protection obligations to cover all processing activities relating to Thailand-based data subjects. Further, the PDPA defines personal data and sensitive personal data.

The Data Controller must implement security measures and verification procedures.

The Data Processor is liable under the PDPA for data security, data transfer and record keeping.

Any breach of personal data must be disclosed to the Office of the Personal Data Protection Committee as soon as possible, and at most within 72 hours of the employer becoming aware of it.

Under the PDPA, the destination country or any foreign organization that receives personal data from Thai data controllers and processors must have an effective data protection standard.

Under the PDPA, there are civil, criminal and administrative penalties. The penalty depends on the nature of the offence. The maximum administrative fine is THB 5,000,000.

The Trust Challenge

Key challenges in brief

Under the PDPA, the data controller has to maintain the following key records, amongst others:

  • Personal data collected (“Data Inventory”)
  • Retention period for the personal data (“Data Minimization”)
  • Rights and methods in accessing the personal data (“Data Subject Rights”)

International transfer of personal data: This is permissible under the PDPA in a limited number of circumstances. Therefore, the data flow (outgoing personal and sensitive data) ought to be monitored appropriately.

Breach notification: A personal data breach ought to be notified within 72 hours of becoming aware of it. This is possible only if a “data inventory” for personal and sensitive data is maintained by the data controller.

Fulfillment of Data Subject rights: Data subjects have a series of rights conferred upon them by the PDPA, for instance the right to know, the right to data portability and the right to be forgotten. Individual data subjects raise various requests pertaining to their individual data subject rights.

Win-Win Situation

Solutions

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Third party Privacy Intelligence (monitors third party sharing): Often there are silos within entities or between business and IT teams, and it is challenging to get a full picture of the data going outside the organization and the data coming into it, especially when data is shared with third parties, vendors, business partners and others. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing”, so that you can take action on it.

Data Minimization: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to the data minimization principle. This is a data hygiene control, and we approach it from a risk reduction and compliance perspective. We scan large data sets using Machine Learning to find excess data, including personal data. This can eliminate operational inefficiencies and save cost by removing the unwanted data, along with the legal cost of holding it with respect to regulatory compliance.

Right to be Forgotten (RTBF) with Assured Deletion: TurtleShield RTBF (Right to Be Forgotten) gives businesses the capability to comply with mandatory deletion of personal data by deleting the data on request and validating the deletion.

Enable Data subject rights with cost savings and compliance in totality: Search capability across large datasets fulfills data subject requests in totality and at a rapid pace. The assumption that data exists only in databases and nowhere else is often not the reality, as customer data exists in many sources. Using Machine Learning and AI, we crawl across data sources and predict where PII can exist.
