Anuwat Ngamprasertkul, DITP, PDPA, TBALiasadmin

Reminder of Thai Business Association of Lao PDR (TBAL) special seminar

A reminder of the upcoming meeting on “Personal Information Protection in Thailand,” which is being organised by the Thai Business Association of Lao PDR (TBAL) and Thailand’s Department of International Trade Promotion (DITP).

This special seminar will take place on Thursday 26th September from 13:00 to 20:00 at DoubleTree by Hilton Vientiane in Lao PDR.

Distinguished guest speakers at the meeting will include Ambassador Morakot Sriswasdi, Ambassador of the Kingdom of Thailand to Lao PDR, and Mr Thamnong Pholthongmak, TBAL President.

IAS Advisory co-founder Mr Anuwat Ngamprasertkul is honoured to have been asked to join and talk about how Thailand’s Personal Data Protection Act (PDPA) is affecting the way Thai companies are doing business and its impact on international transactions.

For those interested in attending this prestigious event, please register using the below QR code or, alternatively, call: +856 20 5558-1238.

Anuwat Ngamprasertkul, PDPAiasadmin

PDPA enforcement update & implications for your business

Yesterday, on 21st August 2024, the Office of the Personal Data Protection Committee (the “PDPC”) and the Ministry of Digital Economy & Society announced a significant enforcement action. The Expert Committee on Technology & Related Issues (Committee 2) imposed a fine of up to THB 7,000,000 (Seven Million Thai Baht) on a major private company engaged in online trade.

The fine was levied due to the company’s failure to adequately protect personal data, leading to a breach that exposed sensitive information to call centre gangs.

The company had collected personal data from over 100,000 customers but did not appoint a Data Protection Officer, as mandated by Section 41 of the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”). From the PDPC’s investigation, the Company was found to have insufficient security measures in place to protect customer data as required by Section 31(1). They also failed to identify the breach and notify the affected customers and the PDPC of the breach in a timely manner, in violation of Section 37(4).

This is the first administrative fine to be issued under the PDPA. Such enforcement action reflects the PDPA’s alignment with the European Union’s General Data Protection Regulation (the “GDPR”).

Mr Prasert Jantarawongthong, Minister of Digital Economy & Society, emphasised that this decision underscores the importance of compliance with data breach reporting requirements and serves as a cautionary message to all organisations. A further release of the full directive is expected and should benefit other operators in implementing their own compliance practices. It will also provide a clearer picture of the PDPC’s enforcement approach.

For guidance on navigating the PDPA and ensuring the compliance of your organisation, please contact us. Our team of lawyers is here to help you implement effective data protection strategies and avoid regulatory pitfalls.

This article was researched and prepared by Ms Lavanya Dev-Kauffmann.

Data Privacy, Personal Data Protectioniasadmin

IAS Advisory delivers PDPA training & workshop event for EXAT

IAS Advisory is proud to have successfully delivered a three-day Personal Data Protection Act (PDPA) training and workshop event for the Expressway Authority of Thailand (EXAT) from 20th-22nd September 2023.

Sessions were led by co-founding partner, Mr Anuwat Ngamprasertkul, and by associate, Mr Piniti Chomsavas, who are experts in data protection and privacy law in Thailand.

Training covered PDPA general knowledge and best practice to help ensure compliance. We also went through case studies from General Data Protection Regulation (GDPR) countries, and looked at how to handle data breaches, consent management, and data subject rights.

Workshops were a hands-on experience for participants, who were divided into groups and given real-life scenarios to solve.

(more…)
Read More
Data Privacy, Personal Data Protectioniasadmin

NIDA invite Anuwat to run workshop on personal data privacy and protection

Dr Auntika Na Pibul, a professor at the Faculty of Laws, National Institute of Development Administration (NIDA), invited IAS Advisory co-founding partner Mr Anuwat Ngamprasertkul to run a half-day workshop as part of NIDA’s recent two-day personal data privacy and protection training course, which was held for nationwide university staff in Thailand.

The training course, led by Dr Auntika and several other PDPA experts, took place from 13-14th July 2023.

Anuwat’s workshop focussed on enabling participants to understand and prepare consent and privacy notices, part of a broader examination of personal information management techniques under Thai law and European standards for university workers.

For more information about NIDA, visit: https://nida.ac.th/en/

(more…)
Read More
Data Privacy, Personal Data Protectionadmin

Anuwat directs workshop and training for large state-owned enterprise

It was a pleasure for IAS Advisory co-founding partner Mr Anuwat Ngamprasertkul to present and direct a training session and workshop for more than 400 participants from a Thai state-owned enterprise last month.

The subject of the event, on 2nd February 2023, was Thailand’s Personal Data Protection Act (PDPA) and its related regulations and what organisations need to do to ensure compliance.

In the training session, participants learnt about the fundamentals of PDPA compliance, including the life cycle of personal data in an organisation’s business operation. Also, how personal data can be justifiably collected, processed, circulated, disclosed and retained and how this aligns with or is required to change under the PDPA. Anuwat also covered how compliance is organised and which business units are involved during the session.

Then, during the workshop, representatives from 10+ business units of the organisation delved into how personal data is actually processed, links up with other units and flows out to external parties in compliance with one of the key legal requirements of the PDPA.

(more…)
Read More