With the increased collection and use of personal data, management and privacy of data is a growing concern for businesses across all sectors. More importantly, the Thailand Personal Data Protection Act B.E.2562, “Thai PDPA”, will officially come into effect in June 2022 after being postponed. This will change the privacy landscape for businesses dramatically.
In October 2021, Deloitte Thailand conducted a Thai PDPA readiness survey across a sample of organizations and industries in Thailand. The aim of this survey was to understand how organizations are preparing for Thailand’s PDPA compliance, how far along their implementation plans are and what challenges they may be facing along the way.
The results of the survey indicate that industries differ in their implementation speed and timeline of compliance activities, with Financial Services leading the way to be ready in time for June 2022. The top motivators for Thai PDPA compliance activities were PDPA regulations and the negative consequences of not adopting these regulations, rather than associated benefits. Integrating new policies and processes into business operations was the top challenge across all industries.
40% of the survey respondents came from the Consumer industry, followed by Financial Services, accounting for 27%. The majority of respondents came from larger sized companies, with
PDPA implementation status varies across industries
(excluding ‘Others’)
72% of respondents have started or already implemented Thai PDPA requirements, whereas 24% have plans but have not started the implementation process yet. By industry, Financial Services had the largest percentage of respondents who have already started or implemented Thai PDPA requirements, followed by Life Sciences and Healthcare. The industry with the highest percentage of those who have not started the implementation process is Energy, Resources & Industrials.
Thai PDPA implementation status varies depending upon company size
Survey responses indicate that the majority of organizations that have started or already implemented Thailand’s PDPA requirements are larger, with at least 100 employees, whereas more than half of the respondents from smaller organizations with fewer than 50 employees stated that they have plans but have not started implementing yet.
Most organizations plan to, or have already performed a Thai PDPA readiness assessment
Of the 45% of respondents who had already conducted a Thai PDPA readiness assessment, 98% of the assessments included readiness of IT systems as well as business processes and operations. Both Financial Services and Life Sciences and Healthcare had a higher percentage of respondents who have already performed a Thai PDPA readiness assessment.
Compliance timeline
Only 29% of the respondents indicated that they may not be fully compliant around the enforcement deadline of June 2022, with 8% of those expecting to be fully compliant much later in the year. Results show that most of the respondents in the Consumer, Financial Services and Technology, Media and Telecom industries will be fully compliant by June 2022, whereas the Energy, Resources and Industrials, and Life Sciences and Healthcare sectors seem to be lagging.
Key drivers for Thailand’s PDPA compliance activities
The top 3 key drivers for compliance activities were consistent across all sectors: the threat of regulatory fines or lawsuits, the potential for reputational damage, and improving customer trust.
Almost half of the respondents expect significant benefits from Thai PDPA compliance
A higher proportion of Technology, Media and Telecom and Energy, Resources & Industrials organizations expect significant benefits from Thai PDPA compliance activities compared to other industries. Financial Services and Life Sciences and Health Care expect more limited or no benefits outside regulatory compliance, as these industries are highly regulated and the nature of the data they are dealing with is more sensitive.