ブログ
MDES and PDPC Enforce First Administrative Fine under Thailand's PDPA
2024.08.30
Nowadays, digital transactions become one of the main activities in a person’s life. This helps people live their lives conveniently, but on the other hand, call center gangs and personal data leaks from the transactions have been significant problems in Thailand over the past 2 years.
In order to protect the people from such problems, the Ministry of Digital Economy and Society (MDES) and the Office of the Personal Data Protection Commission (PDPC) have imposed the first-ever administrative fine under Thailand’s Personal Data Protection Act (PDPA). The penalized company, a prominent online and offline IT merchandise trader whose name remains undisclosed, was fined 7 million THB (approximately 30 million JPY) for severe data breaches, including leaking personal data to criminal call center gangs. According to the press conference of the MDES and PDPC, the imposed 7 million THB fines are as follows:
- 1 million THB for failing to appoint a Data Protection Officer (DPO) when meeting the criteria as required by laws;
- 3 million THB for failing to provide adequate security measures to prevent the personal data breach; and
- 3 million THB for ignoring the complaint from the affected persons and not reporting the breach to the PDPC in time, resulting in the incapability to remedy such incident.
In addition to the fine, the PDPC has ordered the company to enhance its data security protocols to prevent further data leaks, increase the necessary security measures to keep up with the changing technology, provide staff training, and report back on the improvements within 7 days.
This enforcement serves as a crucial reminder for Japanese companies operating in Thailand to ensure full compliance with the PDPA, particularly in (1) establishing robust data protection measures, (2) appointing necessary personnel like DPOs (if required), and (3) notifying the PDPC within the specified timeframe when a personal data breach occurs. The significant fine underscores the importance of adhering to these regulations to avoid similar penalties and maintain public trust in digital transactions.
From now on, this administrative fine order will be used as a standard and norm for considering personal data breaches occurring in the government and private sectors in Thailand.
Source: Ministry of Digital Economy and Society website, posted on 21 August 2024
Authors:
Monchai Varatthan
Shota Sugiura
Marin Viriyapongpanich (Lin)
Member
PROFILE
PROFILE