Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Thailand: PDPC publishes notification and guidelines on personal data breaches
The Personal Data Protection Commission ('PDPC') announced, on 15 December 2022, the publication, in the Government Gazette, of its Notification on the Criteria and Procedures for Handling Personal Data Breaches, which entered into force on the same date. In particular, the Notification, among other things, provides for a definition of 'personal data breach' under the Personal Data Protection Act 2019 ('PDPA'), and outlines three categories of personal data breaches, namely confidentiality breaches, integrity breaches, and availability breaches. In addition, the Notification specifies the actions that a data controller shall take when suspecting that a personal data breach has occurred, and the factors that must be taken into consideration when conducting a breach assessment.
In addition, the PDPC published, on 16 December 2022, Guidelines on Data Breach Assessments and Personal Data Breach Notifications, to aid data controllers when reporting personal data breaches under the PDPA.
You can read the Notification here and the Guidelines here, both only available in Thai.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
