Here is a checklist to help you assess your compliance:

• Do you have a data protection officer (DPO)? If you process a high volume of personal data, you are required to have a DPO.
• Have you obtained consent from data subjects for each processing activity? If you cannot find a specific legal basis to justify your data processing, you must obtain consent from the data subject.
• Have you prepared a Record of Processing Activities (RoPA)? The RoPA is a document that describes how you collect, use, and store personal data.
• Have you prepared a Privacy Policy? The Privacy Policy should explain to data subjects how their personal data will be collected, used, and stored.
• Do you have a data breach contingency plan? In the event of a data breach, you must notify the Personal Data Protection Commission (PDPC) within 72 hours.
• Do you have a system in place to facilitate the exercise of data subject rights? Data subjects have the right to access, correct, delete, and port their personal data. You must have a system in place to allow data subjects to exercise these rights.
• Have you inspected and improved your IT security system? You must take steps to protect personal data from unauthorized access, use, disclosure, destruction, or loss.
• Do you grant access to personal data only to authorized persons? You must ensure that only authorized persons have access to personal data.
• Have you trained your personnel on the PDPA? You must train your personnel on the PDPA so that they understand their responsibilities under the law.
• Have you carried out a Data Protection Impact Assessment (DPIA) for any high-risk processing activities? If you engage in any high-risk processing activities, you must carry out a DPIA to assess the risks to data privacy.

If you are not sure if your business is compliant with the PDPA, you can contact us for a free consultation. We can help you assess your compliance and take steps to become compliant.