Thailand: Implemented PDPC order on security measures of personal data controllers B.E. 2565 (2022)

Implemented PDPC order on security measures of personal data controllers B.E. 2565 (2022)

On 21 June 2022, the Personal Data Protection Committee’s (PDPC) order on security measures for personal data controllers enters into force. The order mandates personal data controllers to implement appropriate security measures. The regulation encompasses protective actions, including organisational, technical, and possibly physical measures, tailored to the risk level, nature, and purpose of data handling. It also specifies requirements for risk management, incident response, and the maintenance of data confidentiality, integrity, and availability.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2022-06-20

adopted

On 20 June 2022, the Personal Data Protection Committee (PDPC) adopted security measures for person…

2022-06-21

in force

On 21 June 2022, the Personal Data Protection Committee’s (PDPC) order on security measures for per…

Description

Implemented PDPC order on security measures of personal data controllers B.E. 2565 (2022)

Scope

Complete timeline of this policy change