2. Established in 2003
Major practices
Banking and Securities
Corporate, Commercial and FDI
Mergers & Acquisitions
Intellectual Property
Real Property and Construction
Telecommunications, Media and Technology
Litigation and Dispute Resolution
www.lawplusltd.com
11 full-time lawyers
9 litigation lawyers
7 assistants
Professional, Practical, Prompt and Pro-active
4. 4
Emergency Decree on Electronic Meetings B.E. 2563
(“EDEM”)
• Repealed and replaced the Notification of the National Council
for Peace and Order No. 74/2557 on Electronic Meetings B.E.
2557 dated 27th June 2014
• In response to the Covid-19 pandemic
• Effective Date: 19th April 2020
• Enactment Date: 18th April 2020
• For efficiency and continuity of public sector
administration and private sector operation
5. 5
E-Meeting under EDEM
Meeting
is required
by law.
1
Meeting
is convened
via electronic
media.
2
Attendees are not
at the same place.
3 Attendees can
discuss or exchange
opinions via
electronic media.
4 Meeting must meet
the e-meeting
security standards
announced by the
MDES (Ministry of
Digital Economy and
Society).
5
Electronic Meeting
6. 6
Legal Status of E-Meetings
• E-meetings have the same legal effect as meetings convened
under the normal legal procedures.
• Electronic data of e-meeting cannot be denied in evidence in
civil, criminal or other lawsuits merely because it is electronic
data.
• Chairman of the meeting can decide to call an e-meeting.
• An alternative of meetings convened under the normal legal
procedures.
• Notices, minutes and agenda documents can be also made,
given and kept by electronic means.
7. 7
Arrange for attendees to identify themselves
through electronic means before
commencement of the meeting
Arrange for attendees to vote on an open voting
or a confidential voting
Prepare a minutes of the meeting in writing
Keep the electronic traffic data of all attendees for
evidence as electronic data and keep it as part of the
minutes
Record audio or audio-visual records of all
attendees throughout the meeting (except for
confidential meeting parts) as electronic data and
keep them as part of the minutes
Convene e-meeting in accordance with
the MDES e-meeting security standards
Person in Charge of Holding E-Meeting Must:
8. 8
• MDES Notification on Standards for Maintaining Security
of Meetings via Electronic Means B.E. 2563 dated 12th
May 2020
• Effective Date: 27th May 2020
• Security standards for e-meetings under EDEM and
international e-meeting security standards
MDES E-Meeting Security Standards
9. 9
Seven
Security
Standards
of
E-Meetings
.
.
a process to identify each
attendee by using information
and/or telecommunications
technology.
an interactive audio or video
communication with sufficient
channels and devices.
Voting
open and secret voting methods that can
identify the number of votes and the total
voting scores.
Record
retention of the information and
evidence of the meeting and
attendance of all attendees.
Attendees
retention of the electronic
traffic data of all attendees.
Accessibility
accessibility to the meeting
documents by attendees.
Disruption
notification of any disruption that
occurred during the meeting.
Identification
Devices
Seven E-Meeting Security Standards
10. 10
Additional Security Standards for Confidential E-Meetings
01 Security measures against unauthorized access.
02
Undertakings of attendees to keep the meeting
confidential.
03
CertificationSystem
Person in Charge
Meeting control system must be secure.
Attendee is not allowed to record any audio
and/or video of public sector confidential e-
meeting.
11. 11
• Several government authorities still require wet signatures for e-meeting
documents (notices, minutes, and agenda documents) and the normal
legal procedures for their preparation, delivery and retention.
• Some government authorities accept electronic documents.
• Electronic records of e-meetings are admissible as evidence in civil,
criminal and other proceedings in Court.
• General statutory limit of 10 years applies to e-meeting records and
computer traffic data of e-meeting.
Filing of E-Meeting Documents with Authorities
12. 12
Signing of E-Meeting Documents
Electronic
signatures under
the Electronic
Transactions Act
B.E. 2544 as
amended
1
Information used
for creating the
electronic signature
must associate with
the owner of the
signature / the
signatory
2
Information used for
creating the electronic
signature, at the time
the electronic signature
being created, is under
the control of the owner
of the signature
3 Changes to the
electronic signature
can be checked
electronically
4 Changes on the
statement / data
message signed by
the electronic
signature can be
checked starting
from the time when
the electronic
signature is signed
5
Electronic Signature
13. 13
Personal Data Protection Act B.E. 2562
• Publication Date: 17th May 2018
• Partial Effective Date: 28th May
2019
• Partial Enforcement Date: 28th
May 2019
• Full Enforcement Date: 1st June
2021
Important DatesKey Provisions
• Data Subject
• Personal Data Protection
Committee (“PDPC”)
• Office of the Personal Data
Protection Committee (“OPDPC”)
• Basis for Processing Personal Data
• Extraterritorial Applicability
• Data Protection Officer (“DPO”)
• Representative of Foreign Data
Controller
• Right of Data Subjects
• Liabilities of Data Controller
14. 14
Key Parties
• a natural person or juristic person
• having the power and duty to make
decisions in relation to the collection,
use, or disclosure of Personal Data
• a natural person or juristic person
• who collects, uses, or discloses
Personal Data on behalf of a Data
Controller
Data
Controller
Data Subject
Data
Processor
Personal Data
• any Personal Data information relating to
a data subject
• enables the identification of data subject
directly or indirectly
16. 16
Personal Data and Sensitive Personal Data
Name
Address
Identification/Passport No.
Personal Phone No.
Bank / Credit cards
Personal Email address
IP Address
Cookies
Online Identifiers
PersonalData
Racial or Ethnic Origin
Political Opinions
Religious or Philosophical Beliefs
Sexual Orientation/Behaviour
Criminal Records
Health and Disability
Trade Union Membership
Genetic
Biometric
SensitiveData
other data to be announced by the PDPC
17. 17
Businesses Who Are Data Controllers
• All businesses in Thailand regardless of
where collection, use, or disclosure of
Personal Data takes place
• All businesses outside Thailand if their
collection, use, or disclosure of Personal
Data of data subjects in Thailand is
made for:
(1) offering of goods or services to the data
subjects who are in Thailand,
irrespective of whether or not any
payment for goods or services is made
by the data subjects.
(2) monitoring of the data subject’s
behavior, where the behavior takes
place in Thailand. Extraterritorial Applicability
18. 18
Rights of Data Subjects
Right to Be Notified of the types of data to be
collected, how data will be used and stored, who
will have access to it, etc.
Right to Access Data
Right to Modify Data
Right to Transfer and Data Portability
Right to Delete Data
Right to Object and Withdraw Consent
19. 19
Data Protection Officer (“DPO”)
Duties of Data Protection Officer (DPO)
• Appointed by Data Controller or Data Processor
• Advising Data Controller or Data Processor and their employees with
respect to any collection, use or disclosure of personal data
• Reviewing the operation of Data Controller or Data Processor in
relation to their compliance with the PDPA
• Coordinating with the OPDPC
• Maintaining the confidentiality of the Personal Data obtained.
• Data Controller or Data Processor engaging in a business of collecting,
using or disclosing Sensitive Personal Data
• Data Controller or Data Processor engaging in a large amount of
personal data to be prescribed by the PDPC.
Who Must Appoint a DPO?
20. 20
Maximum Administrative Fines
If personal data is breached:
PDPA
FINES
OR
Data Controller must
report the breach to
the OPDPC within
hours
a fine up to
72 THB5 Million
21. 21
Consent of data subject
Contract with data
subject
Legal Obligations
Required to establish,
defend and enforce legal
rights
Vital Interest of data
subject without
consent to save life
Public Task
Government work
Legitimate interests of
data controller that
outweigh privacy rights
of data subject
Basis for Processing Personal Data
22. 22
Major Pitfalls to Avoid
Lack of legal documents required for PDPA
compliance
No clear understanding of where personal data
is kept or who owns it
Cannot identify legal basis for collection, use or
disclosure of personal data
No clear understanding of roles and obligations
of Data Controller and Data Processor
No PDPA compliance team, no DPO
