Thailand's New Data Protection Law: Compliance Challenges
Bank CISO Outlines Key PDPA Compliance Issues
One of the biggest challenges of complying with Thailand's Personal Data Protection Act, which will go into effect in May, is managing the consent of customers, says Surachai Chatchalermpun, CISO with Krung Thai Bank, the nation's largest state bank (see: Personal Data Protection Bill on Hold - Again).
"If a customer wants to give me their location to improve the service quality, we need to have a system tracking evidence on which customer has agreed or not agreed [to share location]," Chatchalermpun says in an interview with Information Security Media Group.
Companies also must collect evidence of consent management to offer proof in court in case there is a privacy dispute, he notes.
In this interview, Chatchalermpun also discusses:
- How companies can address compliance challenges;
- How PDPA differs from the European Union's General Data Protection Regulation;
- His top three recommendations to CISOs for complying with PDPA.
As CISO at Krung Thai Bank, Chatchalermpun manages a 40-member IT security team. Previously, he was the head of IT security at Maybank Kim Eng Securities.