Mobile operators prepped for PDPA
NBTC insists upon strict compliance
Major mobile operators have affirmed they are fully prepared for customer data protection and cybersecurity standards in line with the requirements of the Personal Data Protection Act (PDPA), which is scheduled to come into force on Wednesday.
The National Broadcasting and Telecommunications Commission (NBTC), meanwhile, has instructed all telecom operators to strictly comply with the PDPA.
The PDPA was published in the Royal Gazette in May 2019, with a one-year grace period for stakeholders to adjust. The full enforcement of the legislation was then pushed back twice due to the pandemic.
Somchai Lertsutiwong, chief executive of Advanced Info Service (AIS), the country's biggest mobile operator by subscriber base, said the company has been studying, developing and improving tools and processes to ensure compliance since the PDPA was published in 2019 and it is now fully ready for the legislation's enforcement.
AIS has ramped up efforts to boost customer understanding about the law so they are aware of their rights in terms of personal data protection, he said.
AIS has also informed its mobile users, corporate customers, vendors and business partners about relevant practices and guidelines based on the law, including the purpose of data collection and processing, restrictions on personal data usage, data security measures and rights on personal data as well as channels to contact the firm.
"We have added measures to oversee personal data protection and cybersecurity, adopting digital tools to ensure data leak protection and encrypting sensitive data for all the departments to protect the firm's data and users' personal data," Mr Somchai said.
AIS is implementing digital tools across its organisation to delineate data confidentiality and notifying customers of relevant personal data and communication regulations and practices, he said.
Stephen James Helwig, interim chief corporate affairs officer of Total Access Communications (DTAC), the country's third biggest mobile operator, said the company has adopted a personal data policy in a customer-friendly way.
The firm collects, stores and manages users' personal data in compliance with the PDPA while its policy details the opportunities that clients can monitor and manage their personal data.
"The enforcement of PDPA on June 1 after a two-year postponement marks a milestone for privacy protection and data security for customers in Thailand," Mr Helwig said.
The company has mapped all activities, ensuring that good procedures are put in place every step of the way in its data processing called "privacy-by-design", Mr Helwig said.
Trairat Viriyasirikul, acting secretary-general of NBTC, said the regulator has finished a draft on measures required for telecom operators to protect the rights of their users in terms of personal data and freedom of communications and it is being proposed to the NBTC board for approval.
After that, the draft regulation will be put up for the public hearing and then published in the Royal Gazette.
The NBTC indicated it will hold talks with the Personal Data Protection Committee about the power overlap between the two organisations for the sake of effective law enforcement, he added.