The Organization’s Duty Even before the Effective Date of PDPA

Counting down to 1st June 2022, several organizations in Thailand have started the compliance process of PDPA. However, with today’s challenges, many organizations are struggling to comply with PDPA. While this may be understandable, there is an effective legal duty that the organization needs to be aware of.

‘The Security Standards for Personal Data Notification’ was issued by Thailand’s Ministry of Digital Economy and Society to set out the minimum security standards for personal data protection under PDPA. The notification has been extended the effective period and is in full effect from July 2020 until the end of 31 May 2022.

The organizations as data controllers are required to do mainly two things.

– Arrange their security measures related to access control of personal data covering from administrative safeguard, technical safeguard to physical safeguard.

The minimum requirement of security measures should include practical access control method and necessary equipment, user access management, setting of user responsibilities, and history log of personal data activities.

– Notify the security measure to their employees and whom it may concern and create awareness among these people to ensure their understanding of data protection.

While PDPA is still in postponement period, the organizations are after all required to maintain their security measure to meet requirements under this ‘’The Security Standards for Personal Data Notification.’

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by 'GDPR Cookie Consent' to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by 'GDPR Cookie Consent', this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-others	1 year	Set by 'GDPR Cookie Consent', this cookie is used to store the user consent for cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	Set by 'GDPR Cookie Consent', this cookie is used to store the user consent for cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_RW533PYDK2	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_216690146_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
EAxsTQUrFjPy	1 day	No description
MHYWnAL	1 day	No description

Author: Punsuree K., Legal Technology Counselor.