PDPA Compliance is Crucial in Avoiding Penalties

Penalties for non-compliance with the PDPA are severe

Thailand’s PDPA (Personal Data Protection Act) is designed to prevent the personal information of an employee or job applicant from being shared freely, and to prevent the individual from being tracked by business owners, company managers, or HR departments on the company’s website.

The PDPA has severe penalties for any company found to have violated its rules and requirements. We’ll offer a comprehensive overview of the PDPA, its requirements and penalties, and how your company can best ensure compliance.

Does the PDPA Apply to My Website?

The PDPA applies to any Thai company that processes personal data within Thailand from Thai or foreign individuals, offers products or services to individuals in Thailand, or tracks the activities of individuals in Thailand.

The personal information covered by the PDPA includes:

  • ID Card information
  • House registration information
  • Salary
  • Work assessments
  • Absenteeism
  • Late arrivals
  • Health history
  • Criminal record

Furthermore, the company’s human resources department (HR) must make available a statement describing precisely the reasons for collecting, using, or disclosing personal data.

HR in Thailand is considered the personal data controller with the authority to make decisions regarding the collection, use, or disclosure of personal information.

Consent Notification Requirements

Thailand’s PDPA relies on the “opt-in” principle, meaning that if you haven’t explicitly been allowed to process someone’s personal information and use cookies and other tracking technologies, you are strictly forbidden from doing so. Using the following guidelines will ensure your compliance with the requirements:

  • Consent must be obtained before the collection of data. Data controllers cannot collect the data without first obtaining consent.
  • Consent must be explicit and not implied. The blanket implied statement, “You accept cookies by browsing this website,” is not valid under the PDPA’s requirements.
  • The consent must be freely given and not subject to any restrictions or conditions.
  • Consent must not be bundled with the acceptance of terms or conditions. Accepting terms and conditions cannot mean accepting cookies.
  • Subjects must be informed of the purpose of data collection and processing.
  • The consent request must be a separate document from all other documents.
  • The wording in the request form must be in plain language and not be misleading or deceptive.
  • Websites must provide clear and easy-to-follow instructions that make it easy to withdraw consent after it has been given.

Penalties for Non-compliance

Data from job applicants can’t be disclosed under the PDPA.

The penalties for non-compliance with the PDPA are enforced under both administrative and criminal laws. Both categories have severe penalties for non-compliance. Administrative penalties are levied by the Personal Data Protection Committee. These penalties can include fines of up to THB 5 million, based on the severity of the infraction.

Breaches of the PDPA that are judged to be criminal in nature can carry penalties of a maximum of one year’s imprisonment and a fine of up to THB 5 million. These penalties cover violations that include:

  • Disclosure of personal data to another individual during the execution of duties covered by the PDPA.
  • Disclosing sensitive personal data without the consent of the data subject.
  • Disclosing personal data beyond the scope of the given consent for personal gain or in a manner that could harm the subject.
  • Transferring personal data to a nation lacking personal data protection for personal gain or in a manner that could harm the subject.

If the specific case results in damages to the subject, the company owning the website can be held liable.

How to Legally Comply with the PDPA Requirements

PDPA compliance in Thailand is one of the special services offered by Vinarco International. One of the PDPA’s first requirements is to appoint a Data Protection Officer (DPO) to be responsible for data protection on your website. Vinarco offers an outsourced DPO service that eliminates the challenge of managing your organization’s compliance with the PDPA laws of Thailand and overseas.

Our PDPA compliance consultants will study your business and website and develop and implement effective and comprehensive data protection protocols to ensure your organization is fully protected under the law.

Contact Vinarco to ensure your organization complies with the PDPA in Thailand.
