As a certified Data Protection Officer and Legal firm, our knowledge of Thai markets allows us to provide tailor-made solutions for transactions, risk, and executive services to clients.
YOUR TRUSTED PARTNER
We reinvent the rules of business by implementing the right technology, redefining industry business models and changing human behaviours and customer expectations.
PLAN YOUR BUSINESS
We utilise our local, technical and legal expertise in a rapidly evolving business and regulatory environment and guide our clients through all relevant data protection processes.
Audit / PDPA expertise / Cyber Security / DPO / Data Breaches
Data Protection & PDPA in Thailand
At Pimlegal, our Data Privacy, Data Protection, and PDPA consultants offer cutting-edge, practical and effective solutions for all your PDPA, privacy and cyber security challenges – no matter how small or large your organisation.
- Pre-audit with our PDPA consultant (FREE)
- Assessing current data collection practices
- Gaining consent
- Be ready for data breaches
- Make a plan and seek support if needed
Define & Measure
- Review processes, procedures & policies
- Detailed Project Action Plan and Schedule
- Communication Kick-Off material
- High-Level PDPA Gap Analysis & Advisory
- Data Classification and Mapping
- Conduct interviews with key staff impacted
Improve to future state
Process Flows for Data Subject Rights Execution, Data Breach Management, Data Retention Monitoring and Outsourced Vendors Review
- Amendment of Process flows related to PDPA integrated into existing Processes/SOP
- Data Subject Rights Request Form
- Vendor Due Diligence Checklist
- DPO and Committee Establishment Plan
- PDPA IT Compliance Report
- IT & Security Audit & Assessments
- Website & Ecommerce Audit
- Cyber Security Strategy
- Verified Secure Architecture
- Technical Security Testing
- Cyber Attack Simulation
- Legal and Regulatory Compliance
Best practice for PDPA
The Electronic Transactions Development Agency (ETDA) has issued guidelines on best practices to protect personal data, as follows:
Audit and Assessment
With so many laws and regulations surrounding data security and usage, it’s not surprising that most people find it overwhelming. Collecting, sharing, and using data can feel like a minefield. Contact us for a no-obligation chat to understand what compliance audit services are needed to comply with the Personal Data Protection Act.
Identify Personal Data
Establish an understanding of the overall strategy for personal data protection, covering both the company’s sensitive data and personal data, according to PDPA. Thereafter, identify the scope of data to be protected, develop a model data structure, and categorize the data.
Identify how data is being used
Search, analyze, and categorize data into different types regularly. Establish an understanding of the data environment, structure, and lifecycle to determine the most effective data protection measures.
Identify the baseline of sensitive data protection
Set up a baseline to protect the company’s sensitive data and personal data, according to PDPA. Evaluate the control processes and measures required, and perform risk assessment and gap analysis to identify solutions and risk mitigation.
Plan, design, and implement data protection
Plan and prioritize measures to protect the company’s sensitive data and personal data, both technical and strategic data. Thereafter, design and securely implement preventive measures for such data. Most importantly, the protective measures must be aligned with business growth targets.
Monitor and protect sensitive data
Develop a data governance framework, risk metrics, and monitoring processes to ensure that practice guidelines and control measures are working properly to achieve objectives. In addition, review the strategy and data protection measures regularly.
Get in touch with us to see why
A digital law firm tech and law firms trust
We provide digital legal advice for all industries, spanning specialised topics such as compliance law, intellectual property law and GDPR & PDPA.