Complying with Thailand’s Personal Data Protection Act
Published in the Government Gazette on May 27, 2019, Thailand’s Personal Data Protection Act (B.E. 2562) addresses the collection, use and protection of personal data and puts in place remedial measures for data subjects whose personal data protection is violated. The PDPA applies to organizations located in Thailand, whether they collect and use the data in Thailand or not. It also applies to organizations located outside of Thailand, if they offer goods and services to data subjects in Thailand, or if they conduct monitoring of data subjects’ behavior in Thailand.
Thailand’s PDPA is based on the EU’s General Data Protection Regulation (GDPR), but the two are not the same, so being in compliance with GDPR does not ensure compliance with PDPA. Enterprises operating in Thailand or dealing with Thai residents should review the PDPA to ensure compliance.
One way to ensure compliance is to make sure personal data your organization holds is protected through cryptographic pseudonymization techniques, such as tokenization, and that the underpinning cryptographic keys are protected by storing and managing them in FIPS and Common Criteria certified nCipher nShield hardware security modules (HSMs).
nCipher can help you comply with many of the specific requirements of Thailand’s PDPA:
- Provide appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of Personal Data….
- In the circumstance where the Personal Data is to be provided to other Persons or legal persons, apart from the Data Controller, the Data Controller shall take action to prevent such person from using or disclosing such Personal Data unlawfully or without authorization;
- Put in place the examination system for erasure or destruction of the Personal Data when the retention period ends, or when the Personal Data is irrelevant or beyond the purpose necessary for which it has been collected, or when the data subject has requested to do so, or when the data subject withdraws consent….
- Prepare and maintain records of personal data processing activities in accordance with the rules and methods set forth by the Committee.
- Keep confidentiality of the Personal Data known or acquired in the course of his or her performance of duty under this Act.
nCipher’s Professional Services team has developed a customized tokenization solution that secures personal information. The nCipher solution addresses the following PDPA requirements:
- Securing personal data. The solution converts plain text data to tokens that cannot be traced back to the original data. To further secure the data, access to the solution is controlled by cryptographically based user authentication, and the underpinning cryptographic keys are stored and managed in FIPS and Common Criteria certified nCipher nShield hardware security modules (HSMs).
- Protecting legally shared personal data from disclosure. The nCipher solution can partially mask data before sending it to third-party entities to maintain data confidentiality.
- Destroying personal data when retention periods end. When data retention times expire, token keys can be easily removed from nShield HSMs, thus destroying the original data.
- Preparing and maintaining records of personal data processing. The nCipher solution provides logs of tokenization, de-tokenization, and masking calls for audit reference.