Some 72% of businesses in Thailand have started or already implemented measures in line with the requirements of the Personal Data Protection Act (PDPA) with financial services at the forefront of the move, according to consulting firm Deloitte Thailand.
"A clear understanding of the new rules will allow companies to prepare responsibly and thoroughly for the privacy obligations that form the core of the Thai PDPA," Somkrit Krishnamra, partner for risk advisory at Deloitte Thailand, said in virtual press conference.
He said business owners need to approach data protection and privacy in a holistic manner by combining technology, laws, compliance and workstream to ensure end-to-end compliance, boost data protection, respond well to customer and support future growth of the business.
The PDPA will come into full force on June 1 this year.
The legislation, which was published in the Royal Gazette in 2019 with a one-year grace period, was hit with two postponements of its full implementation due to the pandemic.
Once implemented, it is expected to drive the personal data protection in Thailand to the next level.
Deloitte Thailand conducted a survey on PDPA readiness in October 2021 that included 136 respondents, most of whom came from larger sized firms with a head count of 500 employees or more.
The survey shows 42% of respondents have started to implement the PDPA-related activities while 30% had already implemented measures. Some 24% indicated they had plans to do so and another 4% said they had no such a plan.
The survey also revealed 29% of respondents indicated they may not be fully compliant around the enforcement deadline of June.
The top three drivers for PDPA compliance, based on the survey, are regulatory fines or lawsuits, the potential for reputational damage as well as improving customer trust.
Financial services is currently leading the way ahead of other sectors, in becoming fully compliant and ready in time for June with 87% of respondents indicating they have already started to implement PDPA measures, followed by life sciences and healthcare (80%) and the consumer sector (69%).
Some 81% of respondents in the financial service sector said they are already fully compliant or expect to be by March this year, driven by the fact that the industry is highly regulated and has strong backing from the Bank of Thailand in protecting the personal data of bank customers.
The survey shows 45% of all respondents expect significant benefits from the PDPA compliance. When compared by industry, 80% of those in financial services and life sciences and healthcare expect limited or no benefits outside of regulatory compliance.
Meanwhile, 70% of the respondents from small-sized organisations with fewer than 50 employees said they have not started the implementation of the PDPA measures.
The survey shows integrating new policies and process into business operations is the top challenge the respondents faced during the PDPA implementation with 75% saying so, followed by interpreting PDPA requirements (68%) and staff knowledge (63%).
Mr Somkrit said the PDPA would be an instrumental tool in personal data protection as data will be increasingly leveraged in the future.
Any subordinated regulations of the PDPA must be consistent with the changing business landscape, he added.