There is now a concentrated push by policymakers and democratic groups to maintain the security of personal data (PD) of users that tech giants obtain in the process of their operations. The goal is not merely to protect certain information, but to preserve the constitutional rights and liberties about sensitive data security and privacy.
The PDPA of Thailand has come into effect in May 2020, two years after the European Union created a framework with the International Data Protection Regulation to introduce the GDPR. The Thailand’s PDPA has some parallels with specific GDPR clauses, including users’ rights to be consulted or the ability to view information obtained regarding them. The two data protection regulations also have major differences.
We have discussed these differences between the GDPR and PDA. Keep scrolling to read more.
|Took/will take effect on||Do Not Call registry: 2 Jan 2014|
Data protection obligations: 2 Jul 2014
|25 May 2018|
|Who are governed by these policies?||Covers virtually all businesses in Singapore||Applies to any organisation established within and outside of the EU, so long as:|
• the organisation offers goods or services to individuals in the EU, or
• monitors their behaviour within the EU
• processes and holds personal data of individuals residing in the EU, regardless of the organisation’s location
|What is it about?||“The [Personal Data Protection Act (PDPA) of Singapore governs] the collection, use and disclosure of individuals’ personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use and disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.”|
|“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise the data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organisations across the regions approach data privacy.”|
“The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established.”
The General Data Protection Regulation became active on 25 May 2018. It is a law of the EU on data security and privacy issues. In the European Union sense, a law does not have to be transcribed into national laws. However, GDPR is much wider and has international ramifications — for example, it even refers to businesses that are not citizens of any EU region.
While most of the basic values stay the same, the truth is that the application of GDPR is much more expansive and wide-reaching, which ensures that companies would need to change their data security practices accordingly-or possibly suffer severe repercussions.
The European Union data privacy law is applied to the following businesses.
The PDPA acts became active in October 2012. This is Singapore’s law, which monitors the utilization of collected information and disclosure of personal or sensitive information. The central objective of the Personal Data Protection Act (PDPA) is to ensure that the processing of sensitive information is completed to demonstrate and respect the user’s privacy.
It also ensures that companies that collect personal data use it for business only by respecting the individual’s rights.
PDPA is protecting the following types of personal data.