Thailand’s National Institute of Development Administration (Nida) is rolling out a data protection officer (DPO) training and certification programme in a bid to get organisations ready for the country’s upcoming Personal Data Protection Act (PDPA).
The programme, when ready on 17 March 2020, will offer certification courses from the International Association of Privacy Professionals (IAPP) and is aimed at DPOs, as well as compliance, legal and information security professionals.
Towards the second half of 2020, participants will also have the option to earn the IAPP’s Certified Information Privacy Manager (CIPM) certification.
Nida, a graduate university focused on fields related to national development, said its programme was jointly developed with the Data Protection Excellence (Dpex) Centre, the education and research arm of Straits Interactive, a Singapore-based data protection consultancy. The centre’s members include ASEAN universities such as Singapore Management University and the International Islamic University of Malaysia.
Thailand’s PDPA, which comes into effect on 27 May 2020, is expected to drive the demand for DPOs in the country.
Globally, the IAPP estimated in 2016 that as many as 75,000 DPO positions will be created in response to Europe’s General Data Protection Regulation (GDPR) worldwide. Singapore had also forecasted a shortage of a minimum of 10,000 DPOs.
J Trevor Hughes, IAAP president and CEO, said: “With the emergence of new legislation in Thailand, we are pleased to see the expansion of resources and access to the CIPM certification, the world’s first and only certification in privacy programme management. With this certification, data protection professionals will be equipped to adopt global best practices and operationalise their data protection programmes.”
ASEAN countries have been progressively rolling out their country’s data protection laws, making it essential for those who manage data protection to be adequately prepared for their roles.
“One of the regional trends that we predict for 2020 is the increased demand for DPOs and expertise due to new data protection laws and their enforcement,” said Kevin Shepherdson, CEO of Straits Interactive and head of the Dpex Centre.
“With the new Thai PDPA in force, we will see an increasing demand for qualified and certified data protection professionals to help organisations comply with the Thai PDPA. We are happy to share our expertise and experience with Nida in promoting data protection in Thailand.”
Thailand’s PDPA, modelled after the GDPR, requires organisations to seek consent to collect personal data, with data owners given the right to revoke access to their data at any time, among other provisions.
Being extraterritorial, it applies to any organisation outside the country that collects the personal data of Thai citizens and residents. Those that contravene the PDPA risk administrative fines of up to THB5m, as well as criminal penalties including imprisonment and fines of up to THB1m.
Read more about data protection in ASEAN
- Singapore’s data protection watchdog issues advisory guidelines to help businesses and cloud suppliers stay on the right side of the law under the country’s data protection regime.
- A large proportion of businesses in ASEAN will be affected by the GDPR, but awareness of the new rules remains low.
- The Regulatory Pilot Space will offer ASEAN businesses a safe test environment to provide digital services across the region while complying with data privacy rules.
- APAC companies reveal how they are tackling data management challenges that have been compounded by growing cloud usage and compliance requirements.