DATA PRIVACY MATTERSNumber One Data Privacy Blog
The PDPA’s breadth of application and the adverse consequences for businesses do not comply with its terms make it crucial for all companies to fully understand the requirements and potential impacts on their businesses. Moreover, though there are similarities between the PDPA and the GDPR,
These changes are the first changes to the PDPO to be proposed in over 10 years. They are in response to recent data protection related events in Hong Kong and reflective of changes and new laws we have seen in other jurisdictions.
PDPA Section 28 also provides express requirements for cross-border transfers of relevant personal data to foreign recipients outside Thailand
The most controversial requirement of the draft bill is a data localisation policy which demands that a copy of all personal data falling under the incidence of the bill be stored in India by the data controller
Contravention of an enforcement notice issued by the Commissioner is also an offence which may result in a maximum fine of $50,000 and imprisonment for 2 years, with a daily penalty of $1,000. Subsequent convictions can result in a maximum fine of $100,000 and imprisonment for 2 years
Individuals/data subjects who wish to make data access requests may download the Data Access Request Form (OPS003) from the Privacy Commissioner’s Office