PDPA (Personal Data Protection Act) Act, Personal Information Protection Act 2562 laws protect personal information. Protecting personal data to eliminate and mitigate privacy infringements ( PDPA Breach ) is a law that business owners and Human Resources (HR) must focus on because they are the applicant’s data holder and All employees within the organization’s application information. Personal record educational evidence House registration information, ID card, salary, work assessment results, absenteeism, late arrivals, health history criminal record, are all personal data that The Human Resources Department (HR) must maintain and adhere strictly to PDPA (PDPA Compliance).
From the past incidents, large organizations or organizations are the cause of many data leaks; therefore, as the Human Resources Department (HR) of the organization is considered the main person involved in collecting, using, and disclosing personal information, known as the individual control information about the collection of personal data to meet the requirements of the PDPA.
Human Resources (HR), the compilation, use, or disclosure of that personal information must state the purpose of collecting, using or disclosing that personal data precisely.
The Human Resources Department (HR) is the personal data controller. which is a person or juristic person who has the authority to make decisions regarding the collection, use, or disclosure of personal information, and personal information may be collected, used, or disclosed only when: Obtain the consent of the owner of the personal data. Collect data from contracts with the owner of that information. Document history or archives for the public benefit related to research study or statistical preparation Prevent or suppress a danger to a person’s life, body, or health. It is a contractual act between the Personal Data Controller and another person or entity. For the benefit of the owner of the personal data Necessary to comply with a law or contract
If the Human Resources Department (HR) violates the Personal Data Protection Act, What are the penalties?
- Civil penalty indemnifies the owner of the personal data for damages caused by the infringement and may pay compensation for additional penalties up to 2 times the actual damage. It is valid for three years from the date the injured person becomes aware of the damage. and knowing the controller of personal data or a personal data processor liable or ten years from the date of the personal data breach
- Criminal penalties are both imprisonment and a fine with a maximum imprisonment for one year or a fine of 1 million baht, or both.
- Administrative penalties of the data controller are collecting, using, or disclosing personal information without a legal basis Failure to seek consent legally or not inform the consequences of withdrawing consent Failure to comply with the data subject’s right of objection. There is a fine from 1 million baht to a maximum of 5 million baht.
Mistakes can have severe legal penalties if the data controller and related equipment include inconsistent storage locations and proper practices. Causing the formula organization to lose business opportunities, a PDPA consultant ( PDPA Compliance Service ) will help organizations comply strictly with the Personal Data Protection Act B.E. It gives organizations credibility in handling personal data. There are policies and guidelines for corporate privacy protection laws. Vinarco, a PDPA Consulting Specialist, provides a comprehensive PDPA solution for archiving consulting, helping organizations protect and store data optimally. Able to control, collect, use or disclose personal information by PDPA requirements.