Challenges for implement PDPA in your organization

Security and Privacy

  • Understanding both security and privacy 
  • What's the difference between confidentiality and privacy? 
  • Why is security and privacy important?

Course Outline

Information Security Regulatory Bodies and Standards Frameworks 

  • Understanding the ISO27001 ((Information technologySecurity Techniques-information security management systems) and ISO 27701 (Techniques-information security management systems Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management)) Framework 
  • Understanding the NIST framework 
  • Updating Thailand Computer Crimes Act

10:35 - 12:00

Data Security Breach

  • International security case study covering data security breach Impacts on their organization

Sorawit Lim-o-pas PULSAWASD 
Sorawit L. Pulsawasd is a consultancy specialist for charity and development management in the international contexts. Currently in 2020, Sorawit establishes Food for Fighters', a public charity project for helping the healthcare frontliners and restaurant labours during COVID-19, which Coca-Cola Worldwide the human race campaign. He also supervises projects for the Community Development Department (CDD), Thailand's Ministry of Interior. Moreover, he provides operation advice and strategic supervisions including PDPA policies and practices to local organizations and authorities in Thailand as a consultant and a trainer. He was also a support team for C's Thailand Protection Guideline 1.0. and news articles on national media regarding government and NGO development projects. Prior to doing his PhD, Sorawit worked at Kenan Institute Asia, a local consultancy NGO in Thailand. He used to work in partnership with UNDP, the Rockefeller Foundation (US), USAID and the Resource Alliance (UK).
Surawit is also a final-year PhD candidate at University of East London. In 2015, Surawit finished his MA in Charity Management at St Mary's University London where his publication was presented and published in the International Society for Third-Sector Research (ISTR) conference in Japan. During his time in the UK from 2014-2019 He worked independently for consultancy and research services in several industries focusing on the contents of South East Asia markets for UK and Europe such as Al Jazeera, The Economist, BBC UK, the Edelman, Sanofi and MTV UK He also spoke and lectured at the UK universities such as university of East London, Oxford University and I SE.

14:35 - 16:00

Enhance security level for data protection

  • Log Monitoring
  • Identity and Access Management
  • Security Audits 
  • Network Security
  • Test Data Protection 
  • Software Testing
  • Incident Response Management 
  • Vulnerability Assessments and Penetration Testing (VAPT)
  • Investigations and Forensics

Introduction to the Personal Data Protection Act B.E. 2562 (2019)

​Understand the concept of cyber security and the new Personal Data Protection Act, A.D. 2562 (2019) including its requirements consent of use, rights of the data owner, and the transfer of personally identifiable information (PII) or data both locally and internationally. Learn how to comply with the law in the creation of policies covering personal data protection (Privacy Policy) procedures for data protection and, notification of personal data violations. This includes cyber security risks and threats that fall under the duties of the data protection officer (DPO)

Security and Risk Management

  • Information Security Governance 
  • Physical and Environmental Security 
  • Risk Management 
  • Information Security Controls 
  • Compliance 
  • Contractual Requirements 
  • Business Continuity

Considerations of Personal Data from 3rd Parties

  • Business funtions such as human resources, business partners or suppliers

Data Role and Responsibility

  • Document preparation Collecting revealing; changing or any action on personal data (Privacy Policy)
  • Process of preparation for compliance with conditions 

Establish Protections for Data Security Compliant to "Personal Data Protection Act B.E. 2562" 

  • The keys important
  • Cyber security best business practices for protections to "Personal data" according to PDPA and GDPR 

9:00 - 10:25

Introduction to Cyber Security

  • Why is Cyber Security Important 
  • Understanding the concept of CIA traid 
  • Importance of Defense in Depth

Data Protection Officer - DPO 

  • Definition and Scope of Personal Data and PII
  • Data controllers, Data Subject, Data processors and Sensitive

13:00 - 14:25


Agenda - One Day Training