Athistha (Nop) Chitranukroh, partner and deputy director of Tilleke & Gibbins’ corporate and commercial group, and joint head of the firm’s Technology Industry Group, has been quoted in an article by DataGuidance—a privacy solutions and resource provider that helps companies achieve and maintain compliance with international data privacy regulations. The article addresses Thailand’s new Personal Data Protection Act (PDPA), which was signed into law in May, 2019, with a one year grace period for companies to comply.
In the article, Nop discusses how “…[t]he PDPA will impose higher operating costs to business operators. For example, it requires a data controller and a data processor to designate a data protection officer in cases where, in respect to collecting, using or transferring personal data, there is ‘regular and systematic monitoring’ of individuals at a large scale as further designated by the Personal Data Protection Committee; or the core activities of a data controller or a data processor are related to collecting, using, or transferring sensitive personal data. […] There is also a data breach notification requirement that in case of a data breach, and depending on the degree of risk associated, notification to the regulator and each individual data subject within 72 hours could be required. […] [In addition,] the high risk [for non-compliance] would be more on the data controllers, that under the definition of the PDPA are required to handle a significant volume of personal data.”
The article is available in full on the DataGuidance website.