PDPC Notification on Security Standards for Personal Data Controllers Exempted from PDPA

The Office of Personal Data Protection Commission (PDPC) conducted a public hearing on the draft PDPC Notification Concerning the Security Standards for Personal Data under Responsibility of Data Controllers exempted from the enforcement of the Personal Data Protection Act B.E. 2562 (2019) (PDPA) (“Notification”). This public hearing occurred from 17 October 2023 to 31 October 2023.

Under Section 4 of the PDPA, certain data controllers, including public authorities, the media, the House of Representatives, the Senate, the Parliament, the courts, and the credit bureau, are exempted from the enforcement of the PDPA. However, Section 4 paragraph 3 of the PDPA mandates that these exempted data controllers must implement security measures to protect personal data.

The draft Notification sets out the security measures that exempted data controllers must adhere to. These measures are similar to those prescribed in the PDPC’s Notification on Security Measures for the Protection of Personal Data B.E. 2565 (2022). The key measures include:

1. Implementing organizational, technical, and physical measures to safeguard personal data, regardless of its form (physical or digital).
2. Ensuring the confidentiality, integrity, and availability of personal data.
3. Extending security measures to servers, software, or applications for storing or processing personal data.
4. Implementing access control, identity proofing and authentication, need-to-know basis access, user access management, determination of user responsibilities, and personal data audit trails.
5. Raising awareness about privacy and security among employees or users with access to personal data.
6. Adopting pseudonymization or encryption measures to minimize the risk of unauthorized or unlawful processing of personal data.

The enforcement of these measures will be closely monitored once the draft Notification becomes enforced.

Author: Panisa Suwanmatajarn, Managing Partner.

Other Articles

• Thailand Takes a Step Towards Marriage Equality: A Closer Look at the Amendment of the Civil and Commercial Code
• Subordinate Legislations under the Foreigners Work Management Emergency Decree
• A Proposal for the Reform of the Foreigners’ Working Management Emergency Decree B.E. 2561: Enhancing Labor Management in Thailand
• Proposal for the Repeal of the Act Governing Offenses Arising from the Use of Cheques B.E. 2534 (1991) : Promoting Fairness and Responsibility
• Enhancing Rights and Welfare: The Freelance Promotion and Protection Bill
• Thailand – New Government with its Executive and Legislative Policies to Promote Foreign Direct Investment