Jump to content
BANGKOK 17 November 2018 13:23
webfact

EU data law HITS HOME

Recommended Posts

EU data law HITS HOME

By The Nation

 

images.jpg

 

THAI BUSINESSES MUST COMPLY WITH EUROPE’S RULES ABOUT SHARING PERSONAL INFORMATION

 

As Thailand ushers in a new era of digital economy and society, data protection, privacy and data residency have become imperative issues.

 

Enforcement of the European Union’s General Data Protection Regulation (GDPR) law, which started on May 25 this year, has set a new benchmark for Thailand and other countries around the world.

 

Overall, the GDPR law is aimed at boosting transparency and the rights of data owners, who will be required to give their specific consent before any of their personal data can be used by other parties.

 

PWC, an international consulting firm, suggests that companies need to set up a data inventory to comply with the EU law with regard to their customers’ personal data as well as any third-party use of that data.

 

Second, data controllers and processors are required to notify the authorities and data owners of any data breach within 72 hours.

Third, individuals have the rights to access, correct and remove their data as well as the right to be forgotten.

 

For example, a Google search may find photos of yours that you want to delete, in which case the controllers/processors are obliged to do so at your request.

 

Due to the growing popularity of facial recognition software and mandatory compliance with the EU law, Facebook has introduced a data inventory management feature, allowing users to remove their third-party data shared by the social media site with other app developers.

 

The GDPR law is said to be enforceable beyond the 28-country EU, so major Thai companies have already taken steps toward compliance as violators are subject to hefty fines of up to 4 per cent of their global revenues.

 

Financial institutions, banks, conglomerates, airlines and multinational hotel chains are among those preparing to follow the new EU guidelines. First, most large enterprises have sought consent from their customers regarding personal data collection, storage and use, as well as consent on the sharing of data with third parties. This was previously done automatically via the bundling method without need for specific consent by data owners.

 

Enterprises also have prepared for potential litigation from data owners, as the new law establishes specific rights that could be violated by data users.

 

For Thai enterprises, the immediate threat is probably that of reputational damage if there is a data breach of EU customers such as airlines or hotels. Thai companies that have operations inside the EU – such as those in the food, energy and service sectors – are more vulnerable since they are directly under EU jurisdiction.

 

Besides the impact on reputation , Thai-owned enterprises operating inside the EU can also face serious financial and operational impacts.

 

Overall, GDPR is not just an IT issue, as some top executives mistakenly believe. The new law affects many key business aspects, ranging from data privacy and protection, legal, compliance and security, to customer service and marketing as well as human resource management.

 

As a result, enterprises need to make an overall assessment and come up with a compliance programme as well as a contingency plan in the event there is a data breach.

 

Besides the GDPR law, Thai enterprises with operations in China should also prepare to cope with the effects of China’s cybersecurity regulations, which require customers’ personal data to reside within China.

 

Source: http://www.nationmultimedia.com/detail/opinion/30347788

 
thenation_logo.jpg
-- © Copyright The Nation 2018-06-15

Share this post


Link to post
Share on other sites
1 hour ago, webfact said:

Overall, the GDPR law is aimed at boosting transparency and the rights of data owners, who will be required to give their specific consent before any of their personal data can be used by other parties.

sounds great, however they will go the route of the large companies in the usa and elsewhere, requiring an 'accept' of a long , winding disclaimer written in nearly unintelligible legalese that no one will read and all will 'accept'

  • Like 2

Share this post


Link to post
Share on other sites
Posted (edited)
8 hours ago, YetAnother said:

sounds great, however they will go the route of the large companies in the usa and elsewhere, requiring an 'accept' of a long , winding disclaimer written in nearly unintelligible legalese that no one will read and all will 'accept'

No way!

There are some misunderstandings around GDPR.

 

You have to opt-IN , therefore, as you say, chose to accept.  In theory, if you do not, then you must be removed from the company's database.

But, if you have actually signed up in the past, then you have opted in - as in the case of ThaiVisa - I've asked to receive emails from them and wish to continue doing so. 

 

in that situation, the organisation has complied simply by letting you know that their privacy terms have changed - as did ThaiVisa with an email and as have my banks, clubs where I'm a member etc.

 

Actually, I'm loving it!!!  Every email i'm getting from those who have farmed my details without my knowledge  is getting this standard reply:

 

"REMOVE ME FROM ALL YOUR SYSTEMS IMMEDIATELY AND PERMANENTLY - GDPR RULES"

 

For the 5% of those from whom I want to receive communications, I'm either clicking "Accept" or responding positively to the email. 

I do know from whom I wish to receive regular emails! If I don't recognise them, they can **** off!!

 

It works especially well for me as I can now rid what was my former business email address of all the agents, so-called financial advisers and other parasites.

 

As I say.......loving it! ?☺️

 

 

Edited by VBF

Share this post


Link to post
Share on other sites
10 hours ago, webfact said:

Thai enterprises with operations in China should also prepare to cope with the effects of China’s cybersecurity regulations, which require customers’ personal data to reside within China.

This will likely include disclosure of all Thai customer data provided in connection with Alibaba.com that is providing a new platform for sale of Thai goods in China.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

Sponsors
×