Thursday, December 17, 2020

Brief on Personal Data Protection Act (PDPA)

Personal Data Protection Act 

Many international regulatory bodies are now focusing on the protection of personal data, and their efforts have led to the establishment of various data protection laws. In response to the increasing concern over unsolicited marketing communications, the Singapore Government introduced the Personal Data Protection Act.

PDPA Compliance

The primary purpose of PDPA compliance is not just to protect personal data but also to protect the fundamental rights of individuals concerning their personal information. The law was introduced to ensure the protection of the personal data (PD) of individuals that organizations collect during the course of their business.

The law was enforced to balance the commercial needs of organizations with the protection of an individual's right to personal data. Today's article focuses on the application of the law and the PDPA obligations that organizations should meet. But let us first understand more about PDPA compliance.


Supervisory authority: ETDA (Electronic Transactions Development Agency, Ministry of Digital Economy and Society)



Types of Data Protected:


1. Personal Data:

   E.g. Name, Identification number, passport number, address, phone number, fingerprint, vehicle registration plate, date of birth, IP address and MAC address, etc.


2. Sensitive Personal Data:

   E.g. Racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal records, health data, genetics/biological data, etc.


Who will have to comply?

  • All organizations established in Thailand.
  • Organizations outside of Thailand which collect, use, disclose and/or transfer personal data of individuals in Thailand.


PDPA Key Compliance:


1. Consent must be obtained for any collection, use, disclosure and/or transfer of personal data, except where otherwise permitted by law.

2. Consent (if required) must be freely given, specific, informed and unambiguous, and can be withdrawn by the personal data owner.

3. Use and disclosure must be in line with the purpose(s) as consented by the owner.



Read the full article for a complete guide on Personal Data Protection Act (PDPA) compliance.

Watch the Webinar On Step By Step Approach To PDPA Compliance


