At Pimaccounting, our Data Privacy, Data Protection, GDPR, and PDPA consultants offer cutting-edge, practical and effective solutions for all your GDPR, PDPA, privacy, and cybersecurity challenges – no matter how small or large your organization.

With so many laws and regulations surrounding data security and usage, it’s not surprising that most people find it overwhelming. Collecting, sharing, and using data can feel like a minefield.

We know how complex regulations such as the EU General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Personal Data Protection Act (PDPA) can seem.

Using a unique set of methodologies, we aim to embed security and technology as part of the standard business process, ensuring the value of data is recognized and protected throughout its life-cycle.

Scope of services we provide:

  • Data Protection audits, assessments, reviews, and evaluations
  • GDPR & PDPA expertise
  • Implementation support on System Information & Data Flow level
  • Implementation support on Security level
  • Implementation support on Infrastructure & Database level
  • Implementation support on Programming & Coding level
  • Implementation support on Front-end & Human interaction level
  • Implementation support on Contract & Legal level
  • Training & E-Training
  • Conducting data protection impact assessments (DPIAs)
  • Dealing with data breaches
  • Outsourced DPO

Best practice for PDPA

The Electronic Transactions Development Agency (ETDA) has issued guidelines on best practices to protect personal data as follows:

01 Identify Personal Data
Establish an understanding with the overall strategy of personal data protection, both the company’s sensitive data and personal data, according to PDPA. Thereafter, identify the scope of data to be protected and develop a model data structure and categorize data.

02 Identify how data is being used
Search, analyze, and categorize data into different types regularly. Establish an understanding of the data environment, structure, and lifecycle to determine the most effective data protection measures.

03 Identify the baseline of sensitive data protection
Set up a baseline to protect sensitive data of the company and personal data, according to PDPA. Evaluate the control processes and measures required, as well as perform risk assessment and gap analysis to identify solutions and risk mitigation.

04 Plan, design, and implement data protection
Plan and prioritize measures to protect sensitive data of the company and personal data, both technical and strategic data. Thereafter, design and implement preventive measures for such data securely. Most importantly, the protective measures must be aligned with business growth targets.

05 Monitor and protect sensitive data
Develop data governance framework, risk metrics, and monitoring processes to ensure that practice guidelines and control measures are working properly to achieve objectives. In addition, review the strategy and data protection measures regularly.

pdpa and data protection