top of page
Writer's pictureAdmin

Notification of Data Protection Officer Appointment is Published in Thailand 泰國公告資料保護長任命的通知

Thailand’s Personal Data Protection Committee (“PDPC”) published a notification on the requirements for the appointment of a data protection officer (“DPO”) in the Government Gazette on 14 September 2023, which will become effective on 13 December 2023.

泰國個人資料保護委員會(“PDPC”)於2023年9月14日在政府公報發布關於任命資料保護長(“DPO”)要求的通知,該通知將於2023年12月13日生效。


After hearing on the draft notification of DPO Appointment in July,[1] the published version has been slightly amended but the main criteria for appointment of a DPO are still the same. Following are key provisions:

7月舉行《DPO任命通知草案》的聽證會後,公告的版本略有修改,但任命DPO的主要標準仍然相同。以下為主要規定:


1. When determining whether processing personal data requires regular monitoring due to its large-scale personal data, only the “core activity” of the data controller or data processor is being considered. The term “core activity” is an essential and integral activity directly related to the primary operations of the data controller or data processor, and does not include any supplementary business activities such as human resources and information technology activities.

在確定個人資料處理是否因擁有大量個人資料而需要定期監控時,僅考慮資料控制者或資料處理者的「核心活動」。 「核心活動」一詞為與資料控制者或資料處理者的主要營運直接相關的基本且完整的活動,不包括人力資源和資訊科技活動等任何補充業務活動。

2. Processing activities that require regular monitoring of personal data refers to activities relating to tracking, monitoring, analyzing, or predicting the behavior, attitude, or profile of individuals, and generally involves processing personal data in a systemic manner on a usual or regular basis. These include membership card programs, credit scoring, insurance premium consideration, fraud prevention, processing of personal data by computer network system service providers or telecommunications operators, behavioral advertising according to the requirements for the appointment of a data protection officer in the Government Gazette on 14 September 2023, number 5.

根據2023年9月14日第5號政府公報任命資料保護長的要求,需要定期監控個人資料的處理活動是指與追蹤、監控、分析或預測個人的行為、態度或概況有關的活動,一般涉及通常或定期對個人資料進行系統處理。這包括會員卡計劃、信用評分、保險費評估、詐欺預防、電腦網路系統服務供應商或電信業者對個人資料的處理、行為廣告。

3. Determine whether processing activities constitute “large-scale processing of personal data”, there are many factors being considered according to the requirements for the appointment of a data protection officer in the Government Gazette on 14 September 2023, number 6:

根據2023年9月14日第6號政府公報任命資料保護長的要求,判斷處理活動是否構成“大規模處理個人資料”,需要考慮許多因素:

Ø Number or proportion of data subjects whose personal data is processed, compared to the total number of potential data subjects

處理個人資料的資料主體數量或比例,與潛在資料主體總數相比

Ø Quantities, type, or characters of personal data processed

處理的個人資料的數量、類型或特性

Ø Duration or permanence of the processing of personal data

個人資料處理的持續時間或持久性

Ø Scope or areas of the processing of the personal data

個人資料處理的範圍或領域


This version of the notification specifies that processing at least personal data of 100,000 data subjects is considered “large-scale processing of personal data.”

這個版本的通知規定,處理至少10萬名資料主體的個人資料被視為「大規模個人資料處理」。


If the processing of personal data in core activities meets the above (2) and (3), the data controller or data processor must appoint a DPO to handle personal data protection-related matters. Such DPO can also perform other roles or duties if the data controller or the data processor who appointed such DPO warrants to the PDPC for such roles or duties of the DPO not to conflict with his DPO duties as required under the PDPA.

若核心活動中的個人資料處理符合上述(2)和(3),資料控制者或資料處理者必須指定DPO處理個人資料保護相關事宜。如果任命DPO的資料控制者或資料處理者向PDPC保證 DPO的角色或職責與PDPA規定的DPO職責不衝突, DPO 還可以履行其他角色或職責。

[1] Please refer to the article “Draft Notification on Data Protection Officer Appointment is Released in Thailand” at https://0rz.tw/nz4xJ.


33 views0 comments

Recent Posts

See All

Requirements for Digital Assets Governance Business and Exchange Rules are Updated in Thailand 泰國更新數位資產業務治理要求和交易所規則

泰國數位資產業務經營者的董事、授權人員和經理必須具有相關行業3-5年的工作經驗,包括在金融機構、貨幣或資本市場、與數位資產業務相關的管理職位、或學術或專業人士的工作經驗像是會計、金融、經濟、法律或資訊科技等領域的專家。此外,他們還必須具有1年數位資產特定工作經驗,例如區塊鏈和智慧

Comments


bottom of page