What is PDPA?

The Thailand Personal Data Protection Act 2019 (PDPA) was published on May 27, 2019, in the Royal Thai Government Gazette. It is the first law governing data protection in Thailand.

The Thailand PDPA, not to be confused with the Singapore PDPA, describes the requirements for websites on how to collect consent before the processing of personal data.

The purpose of the PDPA is to protect individuals from the unlawful gathering and use of their personal data.

If you manage a website in Thailand or are a foreign organization or company doing business with users based in Thailand, the PDPA applies to you as well.

Violations of the PDPA can result in fines of up to 5,000,000 Baht or imprisonment for up to one year.

Here, we will outline how the PDPA may impact your business website and how Cookie Information can help you comply.

What is personal data under the PDPA?

According to Section 6 of the PDPA, personal data is defined as any information that can identify a person either directly or indirectly. This includes data such as name, address, email address, phone number, ID number, or other information that identifies a specific person.

Sensitive personal data is given further protection under the PDPA and includes:

  • Health data, biometric data, and genetic data
  • Gender, sexual orientation, and disability
  • Racial and ethnic origin, and religion
  • Trade union information and political opinions

If the data collected by a website can in any way identify a user (the data subject), then the user is protected by the PDPA.

Personal data about website users can be collected if there is a legal basis for doing so. This includes legal obligations, public interest, legitimate interest, or consent.

What Is Data Protection?

Data protection refers to the practices, technologies, and policies used to safeguard data against unauthorized access, loss, corruption, and other threats. This encompasses protecting data at rest (stored data), in transit (data being transferred between systems), and in use (data being accessed by authorized users).

Data protection involves implementing a range of security measures, such as encryption, access controls, and backup and recovery solutions, to protect data from cyber threats, accidental loss or deletion, and other risks. It also entails ensuring compliance with data protection regulations, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), which mandate organizations to protect personal data and provide individuals with specific rights over their data.

Effective data protection is critical for businesses, as it helps safeguard sensitive information such as customer data, financial records, and intellectual property from being compromised or lost. Data breaches and data loss incidents can have serious consequences, including financial losses, legal liabilities, reputational damage, and loss of customer trust. Therefore, implementing robust data protection measures is essential for ensuring the confidentiality, integrity, and availability of data.

What Are the Benefits of DPAAS?

Data Protection as a Service (DPaaS) offers several benefits for businesses and organizations, including:

  1. Cost savings: DPaaS can help businesses reduce their capital and operational expenses by outsourcing data protection to a service provider, eliminating the need to invest in and manage their own backup and recovery infrastructure.
  2. Scalability: DPaaS is a flexible solution that can be easily scaled up or down as business needs change, allowing businesses to quickly adapt to changing demands.
  3. Expertise and advanced technology: DPaaS providers offer advanced technologies and expertise that may not be available in-house, ensuring that businesses can access the latest data protection solutions.
  4. Improved data security: DPaaS providers can help businesses protect their data from theft, loss, or corruption through encryption, access controls, and monitoring.
  5. Regulatory compliance: DPaaS providers can help businesses comply with regulatory requirements, such as data retention and privacy regulations, reducing the risk of non-compliance penalties.
  6. Improved disaster recovery: DPaaS providers can help businesses develop and execute disaster recovery plans, ensuring that they can quickly recover from data loss or other disasters.

Overall, DPaaS offers businesses an efficient and cost-effective solution for data protection, allowing them to focus on their core business while outsourcing the responsibility for data protection to a trusted service provider.

What Is Data Loss?

Data loss refers to the unintentional or unexpected loss of information, which can happen due to various reasons. These reasons include hardware failure, where storage devices become non-functional; software errors that lead to the deletion or corruption of data; human errors such as accidentally deleting important files; malware or viruses that delete or encrypt data; natural disasters like fires, floods, or earthquakes that destroy storage devices; power failures that corrupt data during read/write processes; and theft or loss of devices such as laptops or smartphones that store important data.

Data loss prevention definition

Data protection is everyone’s responsibility, not just an IT function. Data loss prevention (DLP) is a key component of a company’s security policy aimed at preventing the loss, leakage, misuse, or unauthorized access of data. As part of their DLP practices, organizations classify business-critical information to ensure that their policies comply with relevant regulations, such as HIPAA and GDPR.

Data loss prevention (DLP) tools and solutions can monitor, remotely control, and safeguard data on endpoint devices, corporate applications, and both cloud and on-premises environments. Whether data is in transit or at rest, DLP solutions protect organizations from internal and external threats that could lead to the intentional or accidental loss of data.

We recommend a proactive strategy, utilizing robust data loss prevention (DLP) tools to avoid costly and damaging data loss events.

What is data loss prevention?

As the name implies, data loss prevention is a proactive approach aimed at securing data and digital resources against potential theft, and accidental or malicious loss. As part of an organization’s security strategy, optimizing data protection safeguards valuable data, ensuring high levels of recoverability from loss events. Data loss prevention applies throughout the full data lifecycle, including when data is in transit across the network, stored at rest, or actively used by applications.

DLP solutions can expedite incident response by providing alerts and isolating data in the event of a cyberattack or breach. Data loss prevention tools are also capable of classifying company information to ensure that data policies comply with relevant internal, local, government, and industry-mandated regulatory requirements.

Benefits of data loss prevention

Digital data and applications are the drivers of business growth. Protecting business-critical data is vital for business survival and serves as a safety net against data loss or theft. Preventing data loss is becoming increasingly challenging with more data to store and more places to store it. Adopting and enforcing a DLP strategy is a cornerstone of keeping your valuable data out of the wrong hands. DLP offers a helping hand to IT teams for:

Rapid recovery: Data loss prevention tools provide administrators with the necessary tools and capabilities to restore data with speed and precision. With granular search and flexible point-in-time or out-of-place recovery options, IT teams have complete control over when, where, and how to restore valuable data.

Comprehensive coverage: DLP extends protection across data estates, offering comprehensive coverage for users, systems, applications, and environments. And with data scattered in many cloud and on-premises locations – dedicated solutions deliver better peace of mind and coverage for valuable organizational data.

Lower costs: Data loss prevention saves organizations significant resources by avoiding potential liabilities, harmful exposure, fines, and lost revenue due to data loss.

Discover the leading Data Protection & Data Loss Solutions for your organization through Gartner's Magic Quadrant ranking of top
Data Protection & Data Loss offerings.