GDPR continues to influence data protection legislation around the world. This from Thailand:
The Personal Data Protection Act (PDPA) came into effect in May with a one-year grace period for compliance by companies and government agencies that handle personal data.
The measure is in conjunction with the EU’s General Data Protection Regulation (GDPR) that went into effect in May last year, penalising any company worldwide that mishandles the data of EU citizens.
A new paradigm of personal data protection is dawning, following the former Wild West days of companies flagrantly commodifying, buying and selling deeply personal information. But it’s still unclear whether these sweeping regulations will rein in tech behemoths and serial data abusers like Facebook.
Under the GDPR, mishandling the data of EU citizens by any company, even those outside the bloc, could be punished by a maximum fine of 4% of annual turnover or €20 million, whichever is higher.
Meanwhile, under Section 42 of the PDPA, companies must appoint a data protection officer (DPO) to manage compliance with the law and collaborate with the Office of the Personal Data Protection Commission.
The DPO is the contact person if problems occur in the storage, use and disclosure of personal data. Under the PDPA, there are penalties starting from six months’ jail time to a maximum fine of 5 million baht.