Data Processing Agreement Save time and minimize risk for creating and e-Signing documents. Download Template Here! Data Processing Agreement Thai Template A data processing agreement document is a contract for data processing between an organization and another person or organization. Documents must be kept as evidence by both sides. ---> Download Thai Template <--- Data Processing Agreement English Template Used if we hire someone from outside. or the company processing the data This document is a set of requirements that must be complied with. What do we hire data analysts to analyze? How to send data files? How do I delete data files? This is especially suitable for data consulting companies that must enter into legal contracts. ---> Download English Template <--- Usage examples See a selection of real examples to explore the full potential of Cookie Consent for your website. See in action Live demo Try all the features of Cookie Consent in live demo now. No fees. No registration. No coding. Try now Frequently Asked Questions What is PDPA? PDPA (Personal Data Protection Act, B.E. 2019 (2019)) is the Personal Data Protection Act, B.E. 2019, which was announced in the Royal Gazette on 27 May 2019 and came into effect on 28 May 2019, in some parts, by that date. 27 May 2020 is the date this Act comes into effect according to the entire law. What is personal information? It is information about a person which makes it possible to identify that person, whether directly or indirectly. Information about the deceased and juristic person information is not considered personal information according to this Act. Personal Data (Personal Data) includes first and last name, national identification number, address, telephone number, date of birth, email, education, gender, occupation, photograph, financial information. It also includes sensitive personal data such as medical or health information, genetic and biometric information, race, political opinions, religious or philosophical beliefs, Sexual behavior, criminal history, union information, etc. What are the rights of the owner of personal data (Data Subject)? Right to be informed Right of access Right to data portability Right to object Right to erasure also known as right to be forgotten Right to restrict processing Right of rectification What personal data does the person relate to? Data Subject is the person to whom the information is specified. Data Controller is a person or juristic person who has the authority to make decisions regarding the collection, use, or disclosure of personal information. Data Processor is a person or juristic person who carries out the collection, use, or disclosure of personal data “in accordance with the order or on behalf of the personal data controller.” However, the person or juristic person who performs such action must not be the personal data controller. What will happen if PDPA is not followed? Those who use data without the consent of the data owner, whether the data controller (Data Controller) and the Data Processor (Data Processor), will be punished by law. The details are as follows: civil liability According to the actual damage and may have to pay additional compensation. The maximum is not more than 2 times the actual damages. Criminal punishment: imprisonment not exceeding 1 year or a fine not exceeding 1 million baht, or both. Administrative penalty: maximum fine not exceeding 5 million baht Cookies Policy: Why is it important? Do we need it? For the case of Thailand From the interpretation of the definition under the Cookies Act, it is considered to be considered to be “Personal information” Therefore, the use of cookies on the website or application must also notify the Cookies Policy. However, if the website or application processes personal data in a manner other than using cookies technology For example, a Username / Password is created and information is filled in for registration. In which the processing of such personal data is controlled by the controller. Information must be filed with a Privacy Notice. Or asking for consent to include all processing of personal data, the data controller can incorporate the Cookies Policy into the content of the Privacy Notice or requesting consolidated consent without having to create the Cookies Policy as a separate window.