Audit , Critical Infrastructure Security , Finance & Banking

Thailand's New Data Protection Law: Compliance Challenges

Bank CISO Outlines Key PDPA Compliance Issues
Thailand's New Data Protection Law: Compliance Challenges
Surachai Chatchalermpun, CISO, Krung Thai Bank

One of biggest challenges of complying with Thailand's Personal Data Protection Act, which will go into effect in May is managing the consent of customers, says Surachai Chatchalermpun, CISO with Krung Thai Bank, the nation's largest state bank (see: Personal Data Protection Bill on Hold - Again).

"If a customer wants to give me their location to improve the service quality, we need to have a system tracking evidence on which customer has agreed or not agreed [to share location]," Chatchalermpun says in an interview with Information Security Media Group.

Companies also must collect evidence of consent management to offer proof in court in case there is a privacy dispute, he notes.

In this interview (see audio link below photo), Chatchalermpun also discusses:

  • How companies can address compliance challenges;
  • How PDPA differs from the European Union's General Data Protection Regulation;
  • His top three recommendations to CISOs for complying with PDPA.

As CISO at Krung Thai Bank, Chatchalermpun manages a 40-member IT security team. Previously, he was the head of IT security at Maybank Kim Eng Securities.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.