Personal information such as name-surname, telephone number, email address, ID card number, photograph, work history, age And including sensitive personal information such as race, ethnic origin, political opinion, belief, religion, sexual behavior Criminal record Health information Genetic information And biological data, All of these will be protected by the Personal Data Protection Act 2019 (PDPA) which will come into effect on May 27, 2020. By organizations or agencies, whether public or private, that have collected personal information of customers or citizens These personal data must not be used for other activities without consent.

For entrepreneurs who have collected data on customers, employees within the organization. Must understand the details of This Act. Because if the data storage is incorrect Without the consent of the data owner Including the use of information or disclosure that does not comply with the law. May be at risk of breaking the law and there are civil penalties Criminal and administrative penalties as well. Therefore, from now on, whether collecting personal information from before the Act or obtaining prior consent will not be considered consent forever. Or can be used in any way like before Therefore, entrepreneurs need to prepare for PDPA law enforcement as follows:

1. Study the law Including understanding the roles and responsibilities as specified by law in detail
   
   
2. Establish terms and policies Of the organization for internal storage Which must always review and update the existing data
   
   
3. Specify standard data storage procedures Including having forms or supporting systems used in organizations to request consent
   
   
4. Establish rules and regulations in the organization, including data collection, use, and disclosure of personal information. In accordance with the law Including determining measures for solving problems if a violation of personal information or information leakage occurs
   
   
5. Create a system that helps keep personal information safe and effective
   
   
6. Providing knowledge, training for personnel within the organization. About the importance of personal information to understand the principles and use it to work legally
   
   
7. Appoint and assign responsible persons within organizations that collect and use personal information, also known as data controllers, to operate in accordance with the law.

Although the Personal Data Protection Act 2019 is a new law for Thai entrepreneurs But is something that every organization must adapt to keep up Because if there is a violation of personal information, whether intended or not, it is against the law which will result in damage to the image and credibility of the organization in the long run.

References :
https://www.everydaymarketing.co

https://www.fusionsol.com/blog/pdpa-%E0%B8%84%E0%B8%B7%E0%B8%AD/