The Personal Data Protection Commission (PDPC) has imposed a fine of 7 million baht on a certain private company (unspecified) engaged in online sales business for breaching the Personal Data Protection Act 2019 (PDPA) by exposing customers’ personal information.
This company collected personal data of over 100,000 individuals but failed to comply with the following legal requirements:
– Lack of a Data Protection Officer (DPO) as mandated by law
– Inadequate security measures
– Disregarding complaints from data subjects and delaying notification to PDPC
The expert committee of PDPC imposed the maximum fine of 7 million baht and ordered the company to enhance security measures, train employees, and report back to PDPC within 7 days.
This is the first instance of PDPC penalizing a large private company since the enforcement of the PDPA in 2019.
TLDR: PDPC fined a company 7 million baht for mishandling customer data, marking the first penalty on a major private entity under the PDPA since its enforcement.
Leave a Comment