PDPA Preparedness Series: Technical Considerations - Part 1

On March 23, to over 90 registrants, AMCHAM’s Digital Economy Committee presented the fourth episode in the Personal Data Protection Act (PDPA) Preparedness series: Technical Considerations - Part 1. AMCHAM Digital Economy Committee Co-Chair, Waleeporn Sayasit, T.C.C. Technology; introduced guest speaker Alex Cespedes, an Independent Data Protection Consultant; who has over ten years of experience on data risk and compliance across Europe in both public and private sectors.

Alex began his presentation with an overview on what is Personally Identifiable Information (PII) and key practical and technical considerations for organizations to manage and protect data.  He provided answers to common questions surrounding PII. He spoke on how to identify sensitive personal data, freedom of data and its rights, the criteria for establishing high-risk data, and who is responsible for managing the data. Alex also touched on the common lawful grounds and the most important principals that need to be followed for using personal data.

He debunked common myths such as the PDPA not needing the phrase risk management, how any consent can be used as an umbrella for all data collected, and that any data can be processed. He also gave an overview on how organizations can build a typical data protection success story by understanding the personal data the organization processes, identifying the risks to rights and freedoms of data subjects, and determining what one can and cannot process.

The event was followed by a lively question-and-answer session moderated by Digital Economy Committee Co-Chair, Peter Fischbach of ISM Technology Recruitment.