10 things that need to be “reviewed”. Businesses are getting ready for PDPA.

The enactment of the PDPA (Personal Data Protection Act, B.E. 2562) is a wake-up call for businesses to get ready for regulatory compliance. However, how do you know that you have done everything correctly according to the law?

Check if you have complied with PDPA requirements by completing the following checklist:

- Does your business need a data protection officer? Have you provided contact information of the DPO (or his/her representative) in every document or material that contains personal information?
- Choose an appropriate lawful basis for each processing activity. If you cannot find a specific legal basis to justify your data processing, consent must be obtained from the data owner. In this regard, have you prepared a Consent Form?
- Prepare a RoPA (Record of Processing Activities) and train your personnel on how to complete such a document to enhance your personal data protection system and show your accountability before the Personal Data Protection Commission.
- Prepare a Privacy Policy containing the purposes for which personal information will be collected, used and disclosed, including the retention period, and inform the data owners of such policy.
- Prepare a data breach contingency plan: each breach must be notified to the Personal Data Protection Commission within 72 hours of becoming aware of it.
- Don’t forget to have in place a system that facilitates the exercise of PDPA rights.
- Inspect and improve your IT security system.
- Grant access to personal information to authorized persons only and prevent any unauthorized access to such information.
- Train your personnel on PDPA and raise awareness about personal data protection within your organization (e.g. keep documents in a locked cabinet, turn off your desktop monitor when leaving) to prevent data breaches caused by human error.
- Carry out a Data Protection Impact Assessment (DPIA) whenever processing poses a high risk, so that the processing can be brought into line with PDPA standards.

PDPA Compliance Audit by PDPA Thailand to get you ready for the Personal Data Protection Act, B.E. 2562.

This service is a comprehensive review of your organization to ensure that it is following the PDPA requirements. The service consists of reviewing internal documents and conducting interviews to see if your management of personal data complies with the law. The operation lasts about 3 months (depending on the size of the organization) and includes:

- PDPA Audit Checklist: a documentary audit of your management of personal information within your organization in accordance with the Personal Data Protection Act;
- Gap Analysis: an audit, analysis and assessment of PDPA gaps in your organization;
- Dimension Checklist: an analysis of organizational readiness in 3 dimensions: document, disclosure and use.

Details of Personal Data Management Service to Ensure PDPA Compliance

1. Creating a project timeline;
2. Collecting information for the review (Collect):
   2.1 Documents according to the specified list (Checklist);
   2.2 Interviews with internal staff (Interview);
3. Conducting a data analysis to ensure compliance with the personal data protection policy;
4. Conducting a gap analysis;
5. Proposing an audit conclusion;
6. Preparing a full report containing the following:
   • Executive summary;
   • Assessment;
   • Gap analysis;
   • Suggestions;
   • Reference/Appendix


Telephone: 02-029-0707 ext. 4 or 081-632-5918

Line : @pdpathailand

Messenger : PDPA Thailand

Email : [email protected]

Our Services

PDPA Consultant

Our experts provide advisory services on legal matters, management, work process, and software related to personal data protection.

PDPA Audit

We provide a complete range of PDPA audit services, including operational audits and in-house training.

DPO Services

Our data protection officers, a.k.a. DPO, work together with your data controllers (DC), data processors (DP) and other personnel.