PDPA –An act that is closer to us than we think
PDPA (Personal Data Protection Act 2019) is an act that was announced in the Royal Thai Government Gazette on 27 May 2019 and parts of the act were official on 28 May 2019. By 27 May 2020, this act was then fully official.
The reason that PDPA has become official is due to the development of technology. There are many more types of online platforms and communication channels that cause the violation of personal data to happen easier and, most of the time, it brings about problems and losses for the data’s possessors as well as affects the nation’s economy. Thus, there has to be a law regarding the protection of personal data to set the standard or measure to oversee the protection of personal data which includes the collection, usage, and disclosure of information.
Is the information about an individual that allows others to directly or indirectly detect that individual in which the information of the deceased and juristic person is not considered as personal data under this act.
Personal Data The general personal data is, for example, name – surname, identification number, address, mobile number, date of birth, email, educational background, occupation, photo, and financial information. Apart from that, personal data also includes Sensitive Personal Data such as medical or health records, genetic and biometric information, race, political opinion, religion and belief, gender preference, criminal record, labor union information, etc.
Data Subjects are
People who are involved in personal data
The collection, usage, and disclosure of personal information can be done under the following conditions:
Cross-border Personal Data Transfer
The destination or international organization that receives personal data will have to have a reliable standard to protect personal information. Otherwise, consent from the data subject has to be obtained or it goes according to law/contract or the benefit of the public only.
Penalty for violation of PDPA
For the personal information to be used in the right way and have more pros than cons, careful consideration will have to be taken before any disclosure of information. For example, the information for delivery purposes. If there is any information that is not related to the delivery, the data subject has the right to refuse to provide the information. Also, the data collector will have to know the limit to get personal information. There must be a system to control/verify identity to access the information and there must be an organizational policy for people who are involved to follow otherwise it will result in the following punishments: