Latest News & Insights

Athentic Consulting’s team of experienced experts brings you the
latest news and insights in law and regulations.

PDPA Checklist

9 Steps to be compliant with PDPA

1 Policy by Management

Define the organization's personal data protection policies, covering both the data protection policy and the data security policy.


2 Data Protection Officer (DPO)

Appoint a Data Protection Officer (DPO) for the organization to provide knowledge and understanding of the Personal Data Protection Act to the personnel who are responsible for processing personal data within the organization. The DPO may be an internal staff member or an external party.


3 Record of Processing Activities

Review how the organization processes personal data, such as descriptions, collection, usage, transfer, and data subject rights, and what types of data it collects, both Personal Data and Sensitive Data. Include the IT systems and software related to the management, storage, and processing of all personal data within the organization.


4 Data Subject Rights

Inform data subjects about any new uses of personal data before the processing starts, including their various rights as prescribed by law.


5 Consent

Obtain consent from the data subject if sensitive data is processed or when the personal data is used beyond what is necessary.


6 International Data Transfers

Verify that the destination country to which the personal data will be transferred has adopted data protection standards in law that match the PDPA or are better.


7 Data Processing Agreement

Draft the agreement between the Controller and the Processor (Data Processing Agreement: DPA) to define rights, duties, and responsibilities regarding data processing.


8 Data Breach Notification

Provide for notification of a personal data breach to the Office of the Personal Data Protection Commission (PDPC) within 72 hours after becoming aware of it.


9 Channels to exercise the right of the data subject

Arrange various channels that do not require any fees and are easy to access for data subjects to exercise their rights.


Jurarat Fuangkrasae
Lead - Legal Technology Counselor