In response to the Covid-19 lockdown, the DBD of Thailand has adjusted e-filing systems and implemented new online filing measures to facilitate businesses in complying with their legal filing requirements. This note gives a summary of some of these adjustments and new measures. 1. From 1st April 2020, the following documents can be filed with… Read More
Data Transfer Limitation, Data Retention Limitation and Data Security RequirementsThe Personal Data Protection Act B.E. 2562 (“PDPA”) requires Data Controllers (“Controllers”) to comply with the personal data transfer limitation, have appropriate data security measures and comply with the limitation on personal data retention. Transfer LimitationUnder Section 28 of the PDPA, Controllers are prohibited from transferring… Read More
The Personal Data Protection Act B.E. 2562 (“PDPA”) requires data portability so that data subjects can obtain their personal data from a Controller in a format usable by another Controller. This is to enhance competition amongst Controllers and to reduce the impact of customer lock-in effects created by non-portable data. Non-rivalrous Nature of Personal DataPersonal… Read More
Actions based on inaccurate personal data may result in bad business decisions and may cause harm to consumers. Data is the fuel which drives business decision making. This is particularly true in the social media, advertising, healthcare, banking and insurance sectors. The importance of data accuracy is set to skyrocket. 5G networks and the Internet… Read More
The Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) requires the Controller to comply with the three limitations on collecting, using and disclosing personal data, which are (1) the purpose limitation under Section 21 of the PDPA; (2) the source limitation under Section 25 PDPA; and (3) the proportionality limitation under Section 22 of the… Read More
Under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) notice and consent are two separate but related matters required for any collection, use or disclosure of personal data. Notice RequirementThe PDPA requires the Controller to notify each data subject of the purpose of any collection, use or disclosure of personal data prior to or… Read More