Thailand’s Personal Data Protection Act (PDPA) is set to come into full effect on 1 June 2022. Companies based in Thailand will have to comply with it.
The legislator has provided for certain flexibilities. However, compliance requires latecomers to produce a precise compliance plan. Among the various functions of the company, Human Resources Departments (HRDs) are the most affected by this new regulation and the obligations that result from it, because HRDs collect, process, and archive a significant volume of personal data. This apparent difficulty can be turned into a performance lever with suitable methods and tools.
Reminder of the PDPA issues that will be faced by the HRDs:
The PDPA obliges anybody managing the personal data of citizens to report to the supervisory authority, within a couple of hours, any infringement of which it is aware. Companies that fail to comply with the regulations can face fines of up to 5 million baht or even a prison sentence. These coercive measures are intended to protect Thai citizens from data theft, hacking, and potential identity theft.
Compliance is therefore crucial for companies. Although this effort concerns the company as a whole, HRDs are particularly affected because of the volume and diversity of personal data they manage through their various HR processes.
To date, it is estimated that 70% of companies are not yet compliant with the PDPA. The PDPC, the supervisory body, has indicated that it will take this into account and may show some flexibility. However, it will do so only on the strict condition that the company is able to demonstrate that it is fully committed to the process.
An impact on the entire field of HR activities:
The HRD’s contribution to the compliance process is major and essential. Consequently, it is imperative to take all of its activities into account in order to put an effective action plan in place and guard against any risk of default. The HRD, which handles data extensively (fishing, recruitment, administrative management, training, evaluations, payroll, reporting), must, within the framework of the PDPA, review its methods of managing, securing, and storing personal data. The rationalization effort will have to cover all stages of the process, as well as the training and awareness of the employees concerned. The company’s subcontractors and suppliers are also concerned and must provide a guarantee of their PDPA compliance or of an ongoing compliance process.
In view of all these aspects, HRDs clearly need to be able to rely on “PDPA compliant” HR solutions that provide all the guarantees of data processing in accordance with the modalities defined by the legislator.
The next article in our PDPA series covers how to comply with this change in regulations. To learn more about the PDPA and how to comply, follow our LinkedIn page and website.