State urged to assist SMEs with PDPA
The government needs to assist local businesses, particularly small and medium-sized enterprises (SMEs), in complying with the Personal Data Protection Act (PDPA) as the compliance is costly and many organisations are suffering from the Covid-19 outbreak, say cybersecurity experts.
The PDPA was published in the Royal Gazette in May last year, but comes into force this May following a one-year grace period.
"The PDPA is an urgent issue that policymakers and the Digital Economy and Society [DES] Ministry need to consider as enforcement begins on May 27," Nipon Nachin, chief executive of ACIS Profession Centre Co, a security training centre, said via an online press conference along with Microsoft (Thailand) Co.
The law carries a fine and jail sentence for violators.
"I estimate only 35% of the organisations can fully comply with the PDPA," Mr Nipon said, citing a figure tallied when the General Data Protection Regulation was implemented by the EU.
The DES Ministry should come up with relief measures for those facing lawsuits in connection with the PDPA, he said.
Policymakers should iron out guidelines for best practices, frameworks or playbooks for each sector to follow.
The cost of legal and consultation fees could reach 400,000 baht for SMEs and 15 million for large enterprises, not including the cost for the technology that may be needed for compliance with PDPA, said Mr Nipon.
As for SMEs, the government can dispatch officials to assist them on a case-by-case basis, similar to Singapore, he said.
The postponement of enforcement is unlikely as users want to have their data protected, said Mr Nipon.
"We estimate 70% of enterprises are seeking ways to comply with the PDPA," he said.
Digital Economy and Society Minister Buddhipongse Punnakanta said it is considering relief measures for organisations while associated rules under the PDPA have yet to come into force.
Ome Sivadith, a technology officer at Microsoft (Thailand), said organisations need to appoint data protection officers and the head of each business unit as well as IT and legal officers should work towards PDPA compliance.
Microsoft is ready to support businesses on the Azure cloud platform and Microsoft 365 to simplify compliance in identity and access management, information protection and threat protection, he said. The company expects it will soon launch its Office 365 Enterprise in compliance manager tools that can help businesses manage regulatory compliance.