At Pimaccounting, our Data Privacy, Data Protection, and PDPA consultants offer cutting-edge, practical and effective solutions for all your PDPA, privacy and cyber security challenges – no matter how small or large your organisation.
Audit / PDPA expertise / Cyber Security / DPO / Data Breaches
Ensuring the value of data is recognized and protected throughout its life-cycle
As a certified Data Protection Officer and Legal firm, our knowledge of Thai markets allows us to provide tailor-made solutions for transactions, risk, and executive services to clients.
We reinvent the rules of business by implementing the right technology, redefining industry business models and changing human behaviours and customer expectations.
We utilise our local, technical and legal expertise in a rapidly evolving business and regulatory environment and guide our clients through all relevant data protection processes.
With so many laws and regulations surrounding data security and usage, it’s not surprising that most people find it overwhelming. Collecting, sharing, and using data can feel like a minefield.
We know how complex regulations such as the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Personal Data Protection Act (PDPA) can seem.
Pre-audit with our PDPA consultant (FREE)
Assessing current data collection practices
Gaining consent
Be ready for data breaches
Make a plan and seek support if needed
Review processes, procedures & policies
Detailed Project Action Plan and Schedule
Communication Kick-Off material
High-Level PDPA Gap Analysis & Advisory
Data Classification and Mapping
Conduct interviews with key staff impacted
Process Flows for Data Subject Rights Execution, Data Breach Management, Data Retention Monitoring and Outsourced Vendors Review
Amendment of Process flows related to PDPA integrated into existing Processes/SOP
Data Subject Rights Request Form
Vendor Due Diligence Checklist
DPO and Committee Establishment Plan
PDPA IT Compliance Report
Legal Policy Amendment/Development
Data Collection management for website
Database Privacy & Data Protection
Data Retention Policy template
Record of data processing template (ROP)
IT & Security Audit & Assessments
Website & Ecommerce Audit
Cyber Security Strategy
Verified Secure Architecture
Technical Security Testing
Cyber Attack Simulation
Legal and Regulatory Compliance
The Electronic Transactions Development Agency (ETDA) has issued guidelines on best practices to protect personal data, as follows:
Establish an understanding of the overall strategy for protecting both the company’s sensitive data and personal data, according to PDPA. Thereafter, identify the scope of data to be protected, develop a model data structure, and categorize data.
Search, analyze, and categorize data into different types regularly. Establish an understanding about the data environment, structure, and lifecycle to determine the most effective data protection measures.
Set up a baseline to protect sensitive data of the company and personal data, according to PDPA. Evaluate the control processes and measures required, as well as perform risk assessment and gap analysis to identify solutions and risk mitigation.
Plan and prioritize measures to protect sensitive data of the company and personal data, both technical and strategic data. Thereafter, design and implement preventive measures for such data securely. Most importantly, the protective measures must be aligned with business growth targets.
Develop a data governance framework, risk metrics, and monitoring processes to ensure that practice guidelines and control measures are working properly to achieve objectives. In addition, review the strategy and data protection measures regularly.
For any questions, queries or advice about our data protection and PDPA services, please do not hesitate to contact us in English, French, German or Thai.
Call us at (+66) 094-3655697 / (+66) 092-8899046
With Thailand’s Personal Data Protection Act set to come into effect on May 27th, organisations across the country must ready themselves to comply with the new regulations. Being adequately prepared entails understanding the PDPA and effectively communicating its implications to everyone in the organisation who has access to personal data. However, due to the pandemic, the effective date of Thailand’s PDPA has been postponed until 1 June 2021.
The PDPA imposes penalties for non-compliance. It is punishable with administrative fines (up to THB 5 million), criminal penalties (imprisonment up to one year and/or fines up to THB 1 million), and punitive damages up to twice the amount of the actual damages. Furthermore, civil damages under the PDPA can be multiplied as Thailand now allows data subjects to bring a class-action lawsuit. The director of a company could also be subject to penalties under the PDPA.
The PDPA provides stringent requirements for the collection and storage of sensitive personal data that refers to any information relating to a person, which enables the identification of such person including personal data pertaining to:
The collection of sensitive personal data without the express consent of the data owner is prohibited, except in certain circumstances, such as medical emergencies or as required by law.
In the event that a data controller sends or transfers Personal Data to a foreign country, the destination country that receives such Personal Data shall have adequate data protection standards, unless an exemption is met (e.g. consent from the data subject is obtained for the transfer of the Personal Data to a country whose data protection standard is not adequate, or the transfer is for compliance with the law). The guideline on adequate data protection standard is yet to be issued.
A person or entity that collects, uses, or discloses personal data in accordance with the orders of the data controller.
A person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.
The Data Protection Officer (DPO) ensures, in an independent manner, that an organization applies the laws protecting individuals' personal data. The designation, position and tasks of a DPO within an organization are described in Sections 5, 6, 30-41 of the Thai Personal Data Protection Act (PDPA). Many other countries require the appointment of a DPO, and it is becoming more prevalent in privacy legislation.
Our experienced and certified DPO, GDPR and PDPA consultants help you to make the transition process to Pimaccounting extremely easy. With your consent, our liaison team will deal directly with your previous service provider during the transition to Pimaccounting. All you need to do is contact us so that we can take care of the rest.
We provide outsourcing data protection, PDPA consultation, statutory auditing, bookkeeping, payroll and BOI consulting.