Thailand: Adopted PDPC order on security measures of personal data controllers B.E. 2565 (2022)

On 20 June 2022, the Personal Data Protection Committee (PDPC) adopted security measures for personal data controllers. The order mandates personal data controllers to implement appropriate security measures. The regulation encompasses protective actions, including organisational, technical, and possibly physical measures, tailored to the risk level, nature, and purpose of data handling. It also specifies requirements for risk management, incident response, and the maintenance of data confidentiality, integrity, and availability.