

Seminars are common and essential operations that must be conducted by any entity, whether small or large, in the public or private sector. Normally, the arrangement of seminars will involve the collection or use of personal data such as the registration of seminar participants for preparing meeting facilities or to confirm the number of participants, taking photographs during the seminar to compile minutes, providing satisfaction surveys for improving the efficiency of the operations, etc.
Therefore, any operation which is performed on personal data such as collection, use, and disclosure of personal data (“Processing of Personal Data”) will be subject to to Personal Data Protection Act B.E. 2562 (“PDPA”).. This article explains appropriate practices for managing personal data in the context of seminars to enhance knowledge and understanding in accordance with the principles of PDPA. Organizations have the following duties and responsibilities as follows.
Record of Processing Activity (RoPA) is a legally mandated document that specifies how personal data will be processed. It enables the organization to know which personal data processing activities require legal documents under the PDPA. Seminars are also operations within an organization that involve the processing of personal data. Therefore, it is necessary to record them in the Record of Processing Activities (RoPA) as well. Since RoPA documentation represents operational records within an organization , it is not necessary to create separate RoPA entries for every individual seminar or meeting. Organizations can record these activities as a single consolidated entry in their RoPA, provided the events follow the same pattern of processing personal data.
Moreover, the Data Controller or Data Processor must establish a legal basis for processing personal data. Note that a single data processing activity may be supported by multiple legal bases, depending on the purpose of data use. For example:
Examples: Personal Data Processing for Conference and Seminar
Example of Group of Activities | Example of Personal data | Legal basis* |
Registration of seminar participants |
| Contract |
Seminar Photography |
| Legitimate Interests |
Meeting Minutes Preparation |
| Legitimate Interests or Legal obligation |
For future contact related to marketing activities |
| Consent |
*Note: The legal basis for referencing depends on the organization and the personal data collected.
Privacy notice is a legal document that serves the purpose of informing data subjects about how their personal data will be collected and used during seminar and meeting activities. This practice ensures compliance with the principles of lawfulness, fairness, and transparency. Personal data will not be used beyond the purposes specified in the privacy notice. Regarding notification guidelines for data subjects, organizations must inform individuals of the processing purposes before or at the time of personal data collection. The notification approach and details are as follows:
The relationship between seminar management and PDPA compliance is inherently interconnected. Event organizers must fulfill their legal responsibilities as data controllers or processors to safeguard participants' privacy rights. Equally important, participants should actively review privacy notices to ensure the stated purposes and data collection practices align with their expectations and consent. Data subjects who have questions or concerns about how their personal information is handled retain the right to exercise their legal protections under data protection regulations.