Checklist PDPA law that must have on the company website (Latest update)

Your company website ... Is it illegal at PDPA?

Business owners, executives or marketing teams, have you ever felt this way? ... You are sitting and watching the website that has invested well. But in my heart, I was deeply worried that "Our website collects customer data through the form ... use Google Analytics. Count the statistics ... with a social share button ... Is it all legal? PDPA? "Confusion, uncertainty and fear that it will be sued or enormous. Is the problem that many company website owners are quiet And do not know who to turn to consult

You are not alone. This problem is no longer far. But it is an urgent matter that may point your credibility and the future of your business.

Why suddenly "PDPA" became a big deal for every company website.

This problem does not occur, but it comes from the "Personal Data Protection Act B.E. 2562" or PDPA (Personal Data Protection Act), which is the law that comes out to protect the rights of the people from providing their personal information. The heart is Website as "Data Controller" (Data Controller) has a direct duty and responsibility to manage the data collected transparent and safe.

The reason why many companies "miss" or "overlook" this may be because:

• Issaging: Do not know that ordinary activities on the web, such as using Contact Form, Pixel of Facebook, or even using Google Analytics is considered to process all personal information.
• Familiarity: Doing the same website all the time, never asking for anything special Therefore did not adapt to the new law
• Complexity: Feeling that the law is difficult, difficult to understand and do not know where to start.

The truth is The law is not waiting for us to be ready. But we have to adapt to the law

If left ... a fine of millions and confidence that is missing May not be able to visit in time

The ignorance of the PDPA requirements are not just a small "violation of rules", but it has a violent and wide -expected impact on your business:

• Legal risks and fines: PDPA law is very severe. There are both administrative penalties (a maximum adjustment of 5 million baht), criminal penalty (maximum imprisonment of 1 year or a maximum adjustment of 1 million baht or both), and civil compensation that may be 2 times higher than the actual damage.
• Loss of credibility from customers: in the era when consumers care about privacy That your website does not have a clear policy or without a system to ask for the correct consent. Will make customers not dare to provide information and see your brand "Unreliable" This directly affects The composition creates credibility on the company website. That you try to create
• Destroy the image of the brand: News of data leakage or adjustment from PDPA can destroy the reputation that has been accumulated for many years overnight. Especially with businesses that require high confidence, such as the legal office website Or business in the stock market
• Loss of business opportunities: partners or large corporate customers always check the readiness of the partners before doing business. Not being ready in this matter may make you miss a unfortunately the deal.

Therefore, investing makes the website correspond to PDPA, so it's not "cost" but "investment" to protect your business from enormous risks.

Checklist Website Rescue: 4+1 Things to do immediately for peace of mind about PDPA.

Don't worry! Making your company website in line with PDPA is not as complicated as you think. You just start the right point and follow these necessary checklist systematically. Which should start by checking and following the following steps:

1. Prepare and disseminate Privacy Policy: This is the most important heart. It is a document that tells the user transparently, "Who are we, what information do we keep, keep it for, how long, and what rights do you have?" This document requires a language that is easy to understand. And placed in a position that users can easily see and access from all pages of the website
2. Install the consent system for cookies (Cookie Consent Banner): If your website uses cookies (Mostly used, especially Google Analytics or Facebook Pixel). You need a banner to bounce up to "Consent" always from users first Which users must choose "Accepting all", "reject", or "Set the cookies" by itself. The only Necessary cookies that do not need to ask for consent.
3. Check and improve data collection (Forms): All form on the website. Whether in contact form, application form, or quotation application form Must have a short message Notify the objectives of data collection With a link to the Privacy Policy to the user always know before pressing
4. Prepare channels for "Using the rights of the data owner": The law gives the right to the owner of access, editing, or deleting their own information. You must have a clear way (such as email, forms, or telephone numbers) so they can easily contact these rights.
5. (Plus one) appointing a personal data protection officer (DPO): For large organizations or a lot of delicate data processing. The appointment of DPO (Data Protection Officer) is the law. But for general businesses Should at least have a person responsible for understanding this directly to take care of various requests

For official insights and regulations Can study more from direct supervision agencies such as ETDA and PDPC personal data protection committee

Examples from the real thing: from the "risky" website to the website that "build confidence"

Imagine "Company B" as a B2B software service provider. Their website has a form to try to use Google Analytics to see customer behavior, but there is no Privacy Policy or Cookie Banner every time.

Turn point: When a large customer asked the "PDPA policy" before making a purchase Making the management realize that this is not a joke anymore

What to do: They decided to overhaul all of this, starting with the checklist above, hiring a consultant to help the Privacy Policy draft covering, bringing the Cookie Consent tool to install on the web. And improve the form of every point to have a checkbox consent with a clear link to the policy. These improvements are part of the website elevating Important components for investors' relationships Which mainly emphasizes transparency

Results: Just a few weeks after the improvement of the website of "B" company, not only closing the deal with that large customer. But the sales team still feels more confident in the presentation. New customers who come in show clearly confidence. The amount of trial fill up by 15% because customers are comfortable to provide information. This is the power of changing legal risks into "Trust" tools that are powerful

Do it immediately! Checklist PDPA for your company website

It's your queue! Try bringing this simple checklist to "check health", your company website. Whether all of them have all Can tick at the same time Can be together

• [] 1. Is there a "Privacy Policy" policy?
  • [] Does the content cover as required by law?
  • [] Is there a link easily from all pages (such as Footer)?
• [] 2. Is there a "banner of the cookie consent"?
  • [] Can the user choose "accept" or "reject"?
  • [] There was an consent before starting to collect data from cookies. (Except for the necessary cookies) or not?
• [] 3. Every form (Contact, Subscribe, ETC.) Is there a notification message?
  • [] There is a message saying whether to use the information to do or not?
  • [] Have a link to the Privacy Policy? Click to read more?
• [] 4. There is a way for the owner of the information. "Please exercise" or not?
  • [] Specify email, phone number, or clear form in the Privacy Policy?
• [] 5 Do you know all the information collected? Is safely collected?
  • [] Is the website inserted (https)?

If you are in the process new company's website development.

Questions that web people are always wondering about PDPA.

I have compiled a popular question that often caused confusion and answered.

Q: A small company website has only the Contact US page. Do you have to do PDPA?
Answer: Must do! Just have a form to fill out the name, email, or telephone number. It is considered a collection of personal information. At the very least, you must have a Privacy Policy and the message.

Q: Just use Google Analytics. Do you have to ask for Cookie Consent?
Answer: I have to ask for cookies from Google Analytics. It is an analytics that is not a cookie that is necessary for the website (StrictLy Necssary Cookies).

Q: Is it necessary to hire a lawyer to write Privacy Policy?
Answer: Very recommended. Especially businesses that have complicated data Letting lawyers or A company that specializes in the website of the Legal Office helps to ensure that your policy is covered and 100% correct, but if it is a small business Using a reliable template and adjusting the company's activities is a good starting point.

Question: Listed companies on the stock market Is there a strict PDPA requirement?
Answer: Yes, generally. Website requirements for listed companies Tend to be checked more intense Both in terms of transparency and credibility Strictly follow PDPA is not just regulations. But is an important part in building confidence for investors

Summary: Change PDPA from "burden" to "opportunity" to build confidence.

At this point, I believe that you can see that PDPA is no longer scary or far, but it is the "new standard" of the digital world. Whether creating a Privacy Policy, installing Cookie Banner, or forming for various form Not just doing "Prevent risk" from enormous fines only

But this is a show of responsibility and sincerity to your customers. It was announced to the world that "Your brand attaches importance to their rights and privacy." This is the strongest foundation to build relationships and trust in the long run.

Do not wait for the problem and then solve it. It's time to explore and improve your company website from today. To change the legal regulations into your most powerful business handicap!

Need experts to help take care and develop the website of the company to be beautiful, modern and in line with PDPA professionally, right? Consult the Vision X Brain team for free immediately! We are ready to change your website to a reliable success tool.

‍