Songkran Post
Happy Songkran Festival!

The word Songkran derives from a Sanskrit word meaning "to move", "to step forward" or "movement". Songkran is the Thai New Year’s national holiday. Songkran is on 13 April every year, but the holiday period extends from 14 to 15 April. The festival is marked by the throwing and sprinkling of water.

This year Lim and Partner wishes everyone lots of laughter, prosperity and success, and blissful joy. May you get just the best.

Happy Songkran Festival! 

Stay safe! Stay blessed!

Latecomers: How to comply with the PDPA?

1. Recruit or appoint a Data Protection Officer (DPO):

This new role is responsible for managing the organization's compliance, and it is also the primary interface between the PDPC, the company and the subcontractors.

2. Make an inventory of the processing of personal data:

* Identify personal data, sensitive data and their flows.
* Identify existing processing activities and verify their compliance.
* List who has access to this data and identify the reason why they have access to it.
* List all the processing activities analyzed in the register of processing activities.
* Identify and control subcontractors and external service providers working from the company’s personal data and review subcontracts.
* Verify that the processing applied by the subcontractors/service providers, in paper and/or digital format, complies with the PDPC (access, informed and unambiguous consent of the data subject and retention period).
* Take stock of archiving practices and retention periods for HR personal data.
* Ensure HR and HRIS solutions comply with the PDPA.

3. Implement a corrective action plan

4. Inform employees and obtain their consent

Beyond the constraint it seems to represent, the PDPA can contribute to improving the company’s performance, but also the trust and well-being of employees, provided that tools, methods and processes are streamlined.

The digital transition has already considerably disrupted the field of HR activities in recent years. Compliance accentuates this transformation, pushing decision-makers to optimize processes and pay particular attention to HR information systems. Thanks to these new priority challenges, HRDs will be able to decompartmentalize their organization and strengthen the quality of their cooperation with their suppliers and subcontractors. And with a clear personal data management policy, they can take care of their reputation and the attractiveness of their employer brand.

#data #hr #pdpa #compliance #dataprotectionofficer

Reminder of the PDPA issues that will be faced by the HRDs

Thailand’s Personal Data Protection Act or PDPA is all set to come into full effect from 1 June 2022. Companies based in Thailand will have to comply with the Personal Data Protection Act (PDPA).

The legislator has provided for certain flexibilities. However, compliance requires latecomers to produce a precise compliance plan. Among the various functions of the company, Human Resources Departments (HRDs) are most impacted by this new regulation and the obligations that result from it. This is because HRDs collect, process, and archive a significant volume of personal data. This apparent difficulty can be transformed into a performance lever, thanks to adapted methods and tools.

Reminder of the PDPA issues that will be faced by the HRDs:

The PDPA obliges anybody managing the personal data of citizens to report to the supervisory authority, within a couple of hours, any infringement of which it is aware. Companies failing to comply with regulations can face fines of up to 5 million baht or even a prison sentence. These coercive measures are taken to protect Thai citizens from data theft or hacking and potential identity theft.

The issue of compliance therefore appears crucial for companies. While this approach concerns the company as a whole, HRDs are particularly impacted because of the volume and diversity of personal data they manage through their various HR processes.

To date, it is estimated that 70% of companies are not yet compliant with the PDPA. The PDPC, the supervisory body, has indicated that it will take this into account and may show some flexibility. However, it will only do so on the strict condition that the company is able to demonstrate that it is fully committed to the process.

An impact on the entire field of HR activities:

The HRD’s contribution to the compliance process is major and essential. Consequently, it is imperative to take into account all of its activities to put in place an effective action plan and guard against any risk of default. The HRD that largely manipulates data – fishing, recruitment, administrative management, training, evaluations, payroll, reporting – must, within the framework of the PDPA, review its methods of managing, securing and storing personal data. The rationalization effort will have to focus on all stages of the process, but also on the training and awareness of the employees concerned. The company’s subcontractors and suppliers are also concerned and must provide the guarantee of their PDPA compliance or an ongoing compliance process.

In view of all these aspects, we understand the need for HRDs to be able to rely on “PDPA compliant” HR solutions, providing all the guarantees of data processing in accordance with the modalities defined by the legislator.

Next in our series of articles about the PDPA, we cover how one can comply with this change in regulations. To know more about the PDPA and how to comply, follow our LinkedIn page and website.

#pdpa #hr #data #compliance

Thailand’s PDPA and its effects on the HRD

The Thailand Personal Data Protection Act or PDPA is set to come into force on June 1, 2022.

Lim and Partner PRAXI Alliance is all set to start a new series of articles about the impact of the Personal Data Protection Act, from both an organizational and a recruitment point of view. The Personal Data Protection Act 2019 was published on 27 May 2019 in the Royal Thai Government Gazette. The PDPA is the very first consolidated law governing data protection in Thailand.

To know more about the act and how one can comply with it, keep an eye on our LinkedIn page and website, and follow our weekly series of articles on this act.

Lim and Partner is a part of the Praxi Alliance Network; our objective is to share and convey what we know about the Thai market and companies from our experience and expertise to our European partners.

#pdpa #thailandpdpa #personaldataprotection #network #data #law


Employees and candidates bring more than just skills and experience with them to work — they bring their personality and all the preferences, tendencies, and styles that come with it.

ADEPT-15® is a scientifically based assessment designed to accurately uncover the unique aspects of an individual’s personality to help organizations hire, promote, and develop the very best talent. It has been proven by over 8 million global administrations, is backed by 50 years of research, and is built upon a database of 350,000 unique items.

We here at Lim and Partner are AON Assessment Certified. We can help you with the specific type of assessment you require for your particular need.

If you want to know more about assessment or our services, all you have to do is leave us a message!

Get in touch with us now!






#work #assessment #recruitment

SCALES Aptitude Tests

With the SCALES test battery, AON provides cognitive aptitude tests for a range of target groups.

Research has shown for years that aptitude tests are powerful predictors of long-term professional success. Virtually no other tool can offer as much added value for HR decision making with comparably small investment.

The SCALES aptitude tests are developed by AON to leverage the latest web technology and are designed in such a way that reliable, decentralized execution is possible. Aptitude tests offer an efficient and valid means of employee selection.

We here at Lim and Partner are AON Assessment Certified. We can help you with the specific type of assessment you require for your particular need.

If you want to know more about assessment or our services, all you have to do is leave us a message!

Get in touch with us now!

Thailand-Vietnam Business Expansion Webinar 2021

If you are thinking of expanding your business in Thailand or Vietnam, but a bit unsure how to start, then this upcoming webinar is perfect for you. Lim and Partner and Source of Asia – SOA invite you to join the live webinar on 3rd November on the topic “Exploring Business Opportunities in Vietnam and Thailand – Food & Beverage”.

Laurent Landie (Managing Director, Lim and Partner) will talk about the key success factors required to have a good business establishment in Thailand.

Key takeaways from the webinar:

– Overview of the F&B sector in Vietnam and Thailand in the midst of COVID-19 Pandemic
– A snapshot of legal and regulatory framework in the sector of F&B in Vietnam and Thailand
– Outsource your representation in Southeast Asia: How does it work?
– Key success factors required to have a good business establishment in Thailand
– Vietnam in perspective: A successful decade of Central Retail Vietnam’s operations in the rising market

Time and Place: 14:00 (3rd November 2021) – Online (of course)
You can register via this link directly or scan the QR code!

#webinar #businessopportunities #foodandbeverages #thailand #vietnam

People-centric attitude to data safety

Article by Wichayada Amponkitviwat

Source: Bangkok Post

Cyber attacks and ransomware have become crimes of modern digital society. Yet, in Thailand what is of new concern is the attack on government database sources — particularly those of state hospitals.

In September last year, Saraburi Hospital’s database was hacked and the attackers gained access to information of patients.

Last month alone there were two cases. In the first, hackers managed to crack into the database of a state hospital in Phetchabun and make a profit from selling the information of thousands of patients on the dark web. A week after, another hospital, the Bhumirajnakarin Kidney Institute in Bangkok, fell victim, with the hackers demanding a ransom in exchange for the records of 40,000 patients.

The cases again raise a red flag that data breaches can be caused by several factors — from deliberate ransomware attacks by hackers to human error such as failure to update security software or negligence of a personal data officer who may unknowingly open malware-infested emails, links or files. Therefore, even if an organisation has adequate security measures, there can still be the risk of a data breach caused by human error or other mistakes.

Today, government agencies get involved in many aspects of our lives, and they have collected important personal data from the “cradle-to-the-grave” whether it be information on health, social security and education. In other words, the government is one of the institutions that have a lot of our personal data.

The attacks on hospital computer systems affected not only the government but patients whose privacy and crucial personal data have been accessed. Sensitive personal data of individuals as well as staff of state organisations are protected by the Personal Data Protection Act 2019.

However, the real concern is how these state agencies collect and use public information. Many agencies tend to keep more personal information than necessary for performing their official duties or missions. Additionally, some agencies may maintain personal data in a way that does not meet security standards and therefore are exposed to higher risk from data breaches or attacks on computer systems. Another concern is the lack of setting access control measures which leads to unauthorised access to personal information, especially for electronic documents in office computers.

The current law is not of much help. The Personal Data Protection Act 2019, known as the PDPA, is only partially enforced, and is also still unclear on many issues.

In May, the government approved a royal decree to postpone the full enforcement of the law until June 1, 2022, citing concerns about compliance among state and private organisations amid the pandemic.

Once implemented, the PDPA is expected to change the landscape of personal data protection in Thailand. The legislation mandates that data controllers and processors that use personal data must receive consent from data owners and use it only for express purposes.

Yet, the PDPA is unclear. One of the issues is that it is harder for state agencies to clearly understand their obligations and start implementing necessary measures or policies which are legally compliant with the law. For example, without a clear categorisation of personal data, officials cannot determine correctly what type of information can either be publicly used or transferred to other public agencies or which types of data are sensitive personal information that needs additional care and protection.

When it comes to having security measures, both systemic and technical security depend on the allocation of budget and finding appropriate personnel who can effectively operate and monitor the security systems. In practice, it may be impossible for some organisations to achieve adequate standards immediately because it requires a huge amount of budget and time to recruit personnel to perform such duties.

Therefore, in order for state agencies to have appropriate measures for their collection and use of personal data, the question is: What are the steps for setting up those appropriate measures?

State agencies that possess civilian data must provide appropriate and sufficient security measures. But without skilled and trained personnel with the relevant knowledge, there cannot be a proper security system. Therefore, building a good data protection system can start with creating knowledge and raising awareness about personal information for personnel in the organisation. This can begin with the management issuing policies and clear guidelines for their workforce to strictly follow. The guidelines should cover how personal data should be collected, protected, used, stored and destroyed.

In addition, a great emphasis must be placed on providing the correct knowledge, especially to officers whose primary task involves collecting personal data, such as for civil registration and passport issuance. Therefore, personnel engaged with such tasks must have great understanding and awareness in using the information in their task. For other less data-related tasks, such as disaster prevention and mitigation, and engineering department personnel, basic knowledge of the use of personal data may be sufficient.

Therefore, when designing guidelines and training courses to build a better understanding of personal data protection, it should be considered as creating a culture within the organisation that encourages employees to always treat the personal information of the people like it was their own.

Meanwhile, making employees more conscious of, and fully informed about, personal data protection may require other tools, such as handbooks for guidance and documents with information about the law, guidelines and cases in other countries. If outside consultants are hired, the organisation must ensure that the staff within the organisation have opportunities to engage and work closely with them. The trained staff will benefit from knowledge transfer and be able to continue the data protection duties and operation even when the outsourced services end.

The protection of personal data is not just about the issue of systemic and technical security. It also means raising awareness, understanding, and having the tools for staff to work effectively. Therefore, to create an excellent personal data protection system, the organisation must prepare its personnel to be ready and capable because the “personnel” will be the driving force that allows the organisation to have a good system.

Most SMEs under digital attack over past year

Source: Bangkok Post

Small and medium-sized enterprises (SMEs) in Thailand are vulnerable to cybersecurity threats, with 65% of them suffering from attacks over the past year, while malware and phishing are the top two threats, says Cisco, a global technology company.

“Thai SMEs have increased their pace of digitisation over the past 18 months. The more digital they become, the more attractive a target they are for malicious actors,” said Padd Chantaraseno, managing director of Cisco Thailand.

He was speaking during the recent unveiling of “Cybersecurity for SMBs: Asia Pacific Businesses Prepare for Digital Defence” study, which gauged 3,700 small and medium-sized businesses (SMBs) across 14 markets in Asia-Pacific, including Thailand.

The study found 65% of Thai SMEs surveyed said they suffered cyber incidents in the past 12 months, compared to 56% in Asia-Pacific.

Some 91% of the attacks on Thai SMEs came from malware, followed by phishing with 77% and denial of service (DoS) at 65%. A similar pattern was also seen at the regional level, Mr Padd said.

Some 49% of the Thai SMEs surveyed indicated they suffered cyberattacks because their cybersecurity solutions were not effective enough to detect or prevent the attacks.

For the cyberattacked SMEs, 47% said incidents over the past 12 months cost the business US$500,000 or more and 28% said the cost was $1 million or above.

In addition to customer data loss, the cyberattacks made local SMEs lose employee data, emails, intellectual property, financial records and sensitive business information, according to Mr Padd.

Some 56% of attacked companies said the incidents disrupted their operations.

The survey also found 81% of Thai SMEs indicated that downtime of more than one hour could cause severe disruption to their operations.

Some 29% pointed out that downtime of more than a day could lead to the permanent closure of their organisations, Mr Padd said.

According to Mr Padd, 13% of the respondents in Thailand said they were able to detect a cyber incident within an hour and 7% indicated they were able to find a solution to a cyber incident within an hour.

The survey also shows that 89% of local SMEs had increased their investment in cybersecurity since the start of the pandemic.

Identify the Values of Employees and Applicants with VIEWS

Employee motivation is a critical success factor for companies. Selecting the right fit in terms of corporate values and motivation structure is a key challenge in the recruitment process. Employee motivation is also important in development.

The VIEWS questionnaire developed by AON helps you to efficiently and reliably identify the motives and values of your employees and applicants.

We here at Lim and Partner are AON Assessment Certified. We can help you with the specific type of assessment you require for your particular need.

If you want to know more about assessment or our services, all you have to do is leave us a message!

Get in touch with us now!