Global Data and Cyber Handbook

Thailand

Select a Topic
Start Comparison
Information Requirements, Data Subject Rights, Accountability and Governance
Jump to
Information Requirements, Data Subject Rights, Accountability and Governance Start Comparison
What information needs to be included in a privacy notice to data subjects?

Last review date: January 2025

        the identity and the contact details of the controller and, where applicable, of the controller's representative

        the contact details of the data protection officer, where applicable

        the purposes of the processing for which the personal data is intended

        the legal basis for the processing

        the recipients or categories of recipients of the personal data, if any

       information regarding data transfers to third countries, where applicable, and reference to appropriate or suitable safeguards and the means by which by to obtain a copy of them or where they have been made available

        the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period

        the existence of data subjects' rights, such as the right to access, rectification, erasure, data portability, etc.

        the existence of the right to withdraw consent if processing is based on consent

        the right to lodge a complaint with a supervisory authority

        whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data

        other

  • Personal data to be collected
  • Collection of personal data from other sources
Do data subjects have specific privacy rights that must be operationalized?

Last review date: January 2025

Yes.

Data subjects have the following data privacy rights, although the specifics of the scope and conditions for each of these vary depending on the circumstances and local law:

         right to access the data subject's own personal data

         right to rectify/correct the data subject's own personal data where inaccurate or incomplete

         right to erasure of personal data

         right to restrict data processing

         right to data portability

         right to object to the processing of personal data

         right to withdraw consent

         other

Right to complain to the Expert Committee

Are there accountability and governance requirements?

Last review date: January 2025

There are accountability and governance requirements to:

☒        maintain a record of processing activities
☒        implement appropriate measures to comply with data privacy and security
☒        identify a specific individual as the data privacy contact for data subject or data protection authority inquiries
☒        provide training to employees
☒        audit or supervise data processors
☒        appoint a local representative in the jurisdiction (if the controller or processor is not located in the jurisdiction)

{{ $store.state.loadingScreen.message }} ...