About Us
FAQ
Global Advisory Experts Logo
Global Advisory Experts Logo

Find a Global Law Expert

Specialism
Country
Practice Area

Awards

Since 2010, the Global Law Experts annual awards have been celebrating excellence, innovation and performance across the legal communities from around the world.

Benefit of Outsourcing DPO

posted 11 months ago

According to the Personal Data Protection Act B.E. 2562 (PDPA) fully enforced on 1 June 2022, baseline standard of the law is to strengthen and reinforce the rights of the individual and create a much need harmonization of data protection law. Under the PDPA, most organisations are required to designate at least one individual, a natural person or a legal entity, as the data protection officer (DPO).

Currently, while the Personal Data Protection Committee (PDPC) has issued several sub-regulations, it has not yet prescribed qualifications of DPO. PDPA only sets out its roles and responsibilities. DPO roles are, among other things, to uphold the rights of data-subject which may vary from an organization to another one and to ensure legal compliance of PDPA.

Who needs a DPO?

  • Company’s activities requiring regular and systematic monitoring of a large scale of personal data (The Draft PDPA Sub-Relations suggests that “large scale” means data controller or data processor has in its possession of personal data of more than 50,000 data subjects or 5,000 data subjects in case of sensitive data processing within 12 months)
  • Public authorities including governmental agencies, state enterprises, local administrative agencies, and other state agencies.
  • Company’s core activities concerning collection, use or disclosure of sensitive personal data.

To have an in-house DPO might benefit from fully conversant with processes within the business entity. However, to have outsource DPO provides you an expert knowledge on specifical field and experience of working with numbers of organisation and avoids a possible conflict of interest within an organization. A DPO, under PDPA, must be independent enough to challenge the management of the organization on existing vulnerabilities. Since Thailand is still new to PDPA, to hire an in-house DPO, who is a highly qualified on PDPA, may be difficult. Thus, outsourcing this task to a qualified external firm is an option.  

To outsource the Data Protection Officer (DPO), the company would benefit from:

  • Timesaving; while, the organization can focus on core businesses.
  • Meeting the independence requirements for the DPO role without compromising existing internal duties or roles.
  • Assurance regarding the correctness of decisions made.
  • Quickly access specialized, skilled and experienced consultants in the event of a personal data breach, supervisory authority investigation or other privacy impact events.
  • It is not accessary to set up an individua workplace, employment’s benefits and to integrate a new staff member to the cohesive work environment.

Author

Join

0
who are already getting the benefits

Sign up for the latest advisory briefings and news within Global Advisory Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.

Naturally you can unsubscribe at any time.

Newsletter Sign Up

About Us

Global Advisory Experts is dedicated to providing exceptional advisory services to clients around the world. With a vast network of highly skilled and experienced advisers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.

Contact Us

Stay Informed

Join Mailing List

GAE