The information provided in this document is general in nature and may not apply to any specific situation. Specific advice should be sought before taking any
action based on the information provided. Under no circumstances shall LawPlus Ltd. or any of their directors, partners and lawyers be liable for any direct or
indirect, incidental or consequential loss or damage that results from the use of or the reliance upon the information contained in this document. Copyright ©
2020 LawPlus Ltd.
UPDATE ON LAWS 2020
Kowit Somwaiya, Managing Partner
Oramart Aurore Saardphak, Senior Associate
LawPlus Ltd.
Korean-Thai Chamber of Commerce
8 October 2020
Dusit Thani Hotel, Pattaya
Established in 2003
Major practices
• Banking and Securities
• Corporate, Commercial and FDI
• Mergers & Acquisitions
• Intellectual Property
• Real Property and Construction
• Telecommunications, Media and Technology
• Litigation and Dispute Resolution
www.lawplusltd.com
11 full-time lawyers
9 litigation lawyers
7 assistants
Professional, Practical, Prompt and Pro-active
Topics
• E-Meeting
• Personal Data Protection
Emergency Decree on Electronic Meetings B.E. 2563 (“EDEM”)
• Repealed and replaced the Notification of the National Council for Peace and Order No. 74/2557 on Electronic Meetings B.E. 2557 dated 27th June 2014
• In response to the Covid-19 pandemic
• Effective Date: 19th April 2020
• Enactment Date: 18th April 2020
• For efficiency and continuity of public sector administration and private sector operation
E-Meeting under EDEM
Electronic Meeting
1. Meeting is required by law.
2. Meeting is convened via electronic media.
3. Attendees are not at the same place.
4. Attendees can discuss or exchange opinions via electronic media.
5. Meeting must meet the e-meeting security standards announced by the MDES (Ministry of Digital Economy and Society).
Legal Status of E-Meetings
• E-meetings have the same legal effect as meetings convened under the normal legal procedures.
• Electronic data of an e-meeting cannot be denied in evidence in civil, criminal or other lawsuits merely because it is electronic data.
• Chairman of the meeting can decide to call an e-meeting.
• An alternative to meetings convened under the normal legal procedures.
• Notices, minutes and agenda documents can also be made, given and kept by electronic means.
Person in Charge of Holding E-Meeting Must:
• Arrange for attendees to identify themselves through electronic means before commencement of the meeting
• Arrange for attendees to vote by open voting or confidential voting
• Prepare minutes of the meeting in writing
• Keep the electronic traffic data of all attendees for evidence as electronic data and keep it as part of the minutes
• Record audio or audio-visual records of all attendees throughout the meeting (except for confidential meeting parts) as electronic data and keep them as part of the minutes
• Convene e-meeting in accordance with the MDES e-meeting security standards
MDES E-Meeting Security Standards
• MDES Notification on Standards for Maintaining Security of Meetings via Electronic Means B.E. 2563 dated 12th May 2020
• Effective Date: 27th May 2020
• Security standards for e-meetings under EDEM and international e-meeting security standards
Seven E-Meeting Security Standards
• Identification: a process to identify each attendee by using information and/or telecommunications technology.
• Devices: an interactive audio or video communication with sufficient channels and devices.
• Voting: open and secret voting methods that can identify the number of votes and the total voting scores.
• Record: retention of the information and evidence of the meeting and attendance of all attendees.
• Attendees: retention of the electronic traffic data of all attendees.
• Accessibility: accessibility to the meeting documents by attendees.
• Disruption: notification of any disruption that occurred during the meeting.
Additional Security Standards for Confidential E-Meetings
01 Security measures against unauthorized access.
02 Undertakings of attendees to keep the meeting confidential.
03
Certification
System
Person in Charge
Meeting control system must be secure.
Attendee is not allowed to record any audio and/or video of public sector confidential e-meeting.
Filing of E-Meeting Documents with Authorities
• Several government authorities still require wet signatures for e-meeting documents (notices, minutes, and agenda documents) and the normal legal procedures for their preparation, delivery and retention.
• Some government authorities accept electronic documents.
• Electronic records of e-meetings are admissible as evidence in civil, criminal and other proceedings in Court.
• General statutory limit of 10 years applies to e-meeting records and computer traffic data of e-meeting.
Signing of E-Meeting Documents
Electronic Signature
1. Electronic signatures under the Electronic Transactions Act B.E. 2544 as amended
2. Information used for creating the electronic signature must be associated with the owner of the signature / the signatory
3. Information used for creating the electronic signature is, at the time the electronic signature is being created, under the control of the owner of the signature
4. Changes to the electronic signature can be checked electronically
5. Changes to the statement / data message signed by the electronic signature can be checked starting from the time when the electronic signature is signed
Personal Data Protection Act B.E. 2562
Important Dates
• Publication Date: 17th May 2018
• Partial Effective Date: 28th May 2019
• Partial Enforcement Date: 28th May 2019
• Full Enforcement Date: 1st June 2021
Key Provisions
• Data Subject
• Personal Data Protection Committee (“PDPC”)
• Office of the Personal Data Protection Committee (“OPDPC”)
• Basis for Processing Personal Data
• Extraterritorial Applicability
• Data Protection Officer (“DPO”)
• Representative of Foreign Data Controller
• Right of Data Subjects
• Liabilities of Data Controller
Key Parties
Data Controller
• a natural person or juristic person
• having the power and duty to make decisions in relation to the collection, use, or disclosure of Personal Data
Data Processor
• a natural person or juristic person
• who collects, uses, or discloses Personal Data on behalf of a Data Controller
Data Subject
Personal Data
• any information relating to a data subject
• enables the identification of data subject directly or indirectly
Key Relations
[Diagram of the relations between: Expert Committee, OPDPC, PDPC, Data Subject, Data Processor, Representative, Data Controller, Data Protection Officer]
Personal Data and Sensitive Personal Data
Personal Data
• Name
• Address
• Identification/Passport No.
• Personal Phone No.
• Bank / Credit cards
• Personal Email address
• IP Address
• Cookies
• Online Identifiers
Sensitive Data
• Racial or Ethnic Origin
• Political Opinions
• Religious or Philosophical Beliefs
• Sexual Orientation/Behaviour
• Criminal Records
• Health and Disability
• Trade Union Membership
• Genetic
• Biometric
other data to be announced by the PDPC
Businesses Who Are Data Controllers
• All businesses in Thailand regardless of where collection, use, or disclosure of Personal Data takes place
Extraterritorial Applicability
• All businesses outside Thailand if their collection, use, or disclosure of Personal Data of data subjects in Thailand is made for:
(1) offering of goods or services to the data subjects who are in Thailand, irrespective of whether or not any payment for goods or services is made by the data subjects.
(2) monitoring of the data subject’s behavior, where the behavior takes place in Thailand.
Rights of Data Subjects
• Right to Be Notified of the types of data to be collected, how data will be used and stored, who will have access to it, etc.
• Right to Access Data
• Right to Modify Data
• Right to Transfer and Data Portability
• Right to Delete Data
• Right to Object and Withdraw Consent
Data Protection Officer (“DPO”)
Duties of Data Protection Officer (DPO)
• Appointed by Data Controller or Data Processor
• Advising Data Controller or Data Processor and their employees with respect to any collection, use or disclosure of personal data
• Reviewing the operation of Data Controller or Data Processor in relation to their compliance with the PDPA
• Coordinating with the OPDPC
• Maintaining the confidentiality of the Personal Data obtained.
Who Must Appoint a DPO?
• Data Controller or Data Processor engaging in a business of collecting, using or disclosing Sensitive Personal Data
• Data Controller or Data Processor engaging in a large amount of personal data to be prescribed by the PDPC.
Maximum Administrative Fines
PDPA FINES
If personal data is breached:
Data Controller must report the breach to the OPDPC within 72 hours
OR
a fine up to THB5 Million
Basis for Processing Personal Data
Consent of data subject
Contract with data subject
Legal Obligations
Required to establish, defend and enforce legal rights
Vital Interest of data subject without consent to save life
Public Task
Government work
Legitimate interests of data controller that outweigh privacy rights of data subject
Major Pitfalls to Avoid
• Lack of legal documents required for PDPA compliance
• No clear understanding of where personal data is kept or who owns it
• Cannot identify legal basis for collection, use or disclosure of personal data
• No clear understanding of roles and obligations of Data Controller and Data Processor
• No PDPA compliance team, no DPO
Questions?
More Information?
kowit.somwaiya@lawplusltd.com
LawPlus Ltd.
Unit 1401, 14th Floor, 990 Abdulrahim Place
Rama IV Road, Bangkok 10500, Thailand
Tel. +66 (0)2 636 0662, Fax +66 (0)2 636 0663
www.lawplusltd.com

Update on Laws and Practices 2020
