9 Useful Steps to Becoming Compliant with the Personal Data Protection Act (PDPA)

Here are 9 useful steps to become compliant with the Personal Data Protection Act (PDPA)

1 Policy by Management
Determine personal data protection policies within the organization. Both the data protection policy and the data security policy.

2 Data Protection Officer (DPO)
Appoint a “Personal Data Protection Officer” of the organization (Data Protection Officer: DPO) to provide knowledge and understanding about the Personal Data Protection Act for a group of personnel who must respond to the processing of personal data within the organization. However, DPO could be internal staff or external.

3 Record of Processing Activities
Review the organization of processing personal data such as descriptions, collection, usage, transfer, and data subject rights what types of data it collects, both Personal Data and Sensitive Data. Including IT systems and software related to the management, storage, and processing of all personal data within the organization.

4 Data Subject Rights
Inform data subject about any new uses of personal data before start the processing including various rights as prescribed by law.

5 Consent
Obtain consent from the data subject If sensitive data is processed or when the personal data is used more than necessary.

6 International Data Transfers
Verify the destination country to which the personal data will be transferred to have adopted the standards in the law of data protection that match with the PDPA or better.

7 Data Processing Agreement
Draft the agreement between the Controller and the Processor (Data Processing Agreement: DPA) to define rights, duties, and responsibilities regarding data processing

8 Data Breach Notification
Provide notifying the personal data breach to the Office of the Personal Data Protection Commission (PDPC) within 72 hours after having become aware of it.

9 Channels to exercise the right of the data subject
Arrange various channels which not require any fees and are easy to access for exercising rights of the data subject.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by 'GDPR Cookie Consent' to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by 'GDPR Cookie Consent', this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by 'GDPR Cookie Consent', this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_RW533PYDK2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_216690146_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
EAxsTQUrFjPy	1 day	No description
MHYWnAL	1 day	No description

Here are 9 useful steps to become compliant with the Personal Data Protection Act (PDPA)

Author: Jurarat F., Legal Technology Counselor