Dtac, a premium member of the Thai-Norwegian Chamber of Commerce, is prepared and ready for the Personal Data Protection Act (PDPA) coming into force in Thailand on June 1, offering its services by taking proactive, investigative and corrective actions to protect data privacy. The move reaffirms its strong role in supporting its responsibility to respect human rights and strengthen good governance, while PDPA enforcement is a milestone for privacy protection in the nation in a manner aligned with global standards. Dtac has adopted a personal data policy which describes in a consumer-friendly way the rationale and the manner in which dtac collects, stores and manages their personal data in compliance with the PDPA. The policy also details the opportunities that clients have to monitor and manage their personal data.
Stephen James Helwig, Interim Chief Corporate Affairs Officer at Total Access Communications Plc or dtac, said “As running our business responsibly is our core strategy, two human rights issues that are directly related to dtac are the right to information and freedom of expression. dtac welcomes and is pleased to apply its policy, offering the optimal benefit for consumers, businesses and society as a whole. The enforcement of PDPA on June 1 after a two-year postponement has marked a milestone for privacy protection and data security for customers in Thailand. The PDPA ensures a high level of protection for consumers while allowing for consistent and flexible regulation that enables continued innovation. Trust in the protection of personal data is viewed as a new value prospect for our customers in the digital era.
From Policy to Practice
- Collection – dtac collects a set of direct and indirect identifiable data that is useful for service improvements.
- Process – dtac processes personal data for specific, explicit, and legitimate purposes.
- Sharing – dtac is transparent in how it shares and discloses data based on a legal basis.
In addition, dtac also has a framework to mitigate the risks of a data breach, ensuring that it has privacy and security in place.
1. Proactive approach
dtac has developed a “Privacy Checkpoint” as a tool to control and reduce the risk of privacy breaches. Those involved with customer data (application developers, data analysis and business intelligence officers) who intend to use data in a new manner are required to give data-usage reasons to the appointed data privacy officer (DPO) to assess any restriction of fundamental rights, whether the user has a legal basis, and to give a necessity and proportionality analysis. Moreover, those involved with customer data are required to pass a data security assessment overseen by a technical team. If the matter passes the initial assessment, it will be reviewed, endorsed and approved under a Data Protection Impact Assessment (DPIA).
The DPO is an expert in data protection, adequately resourced, and directly reports to the highest management level to prevent any external-factor interference. The DPO is expected to carry out his duties objectively and in accordance with PDPA requirements.
2. Investigative approach
3. Corrective action
For customers and those interested in how we work with privacy, please click here.
For other interesting articles from our members and chamber activities, please visit our website.