Thailand

The Personal Data Protection Act (PDPA) and Cybersecurity Act are Thailand's primary regulations on personal data protection.

● The Personal Data Protection Act (PDPA) came into force on June 1, 2022. It regulates the collection, protection, use, disclosure, transfer, and other processing of personal data.

● The Cybersecurity Act, B.E. 2562 came into effect in 2019. It aims to prevent and crack down cyber security threats. This Act empowers authorities to supervise cyber security compliance of organizations and agencies operating in Thailand and to handle any illegal actions or procedures that are harmful to computer systems and computer information through computers, computer systems, or malware.

Huawei Cloud white paper Huawei Cloud Compliance with Thailand PDPA shares Huawei's experience and best practices in privacy protection and describes how Huawei Cloud can help you comply with Thailand PDPA.

Major financial regulatory authorities in Thailand include:

● The Bank of Thailand (BoT): BoT was first set up as the Thai National Banking Bureau. It issues and manages currency and is responsible for providing a stable currency, financial, and payment system.

● The Securities and Exchange Commission (SEC): SEC is responsible for overseeing, developing, and managing capital markets in Thailand to ensure market efficiency, fairness, transparency, and integrity.

● The Office of the Securities and Exchange Commission (OSEC): OSEC is responsible for enacting requirements regarding establishing information technology systems for institutions engaged in securities services.

To regulate technological risk control in financial institutions, BoT and OSEC have enacted a series of regulatory requirements, guidelines, and notifications.

● Notification of the Bank of Thailand No. FPG 8/2557, Re: Regulations on Outsourcing of Financial Institutions : For financial institutions that use outsourcing services, the BoT proposes relevant requirements for outsourcing management that financial institutions are required to comply with, and also provides risk management guidelines related to those outsourcing activities.

● Notification of the Bank of Thailand No. FPG 21/2562, Re: Information Technology Risk Regulations of Financial Institutions : The regulations describe IT risk management principles and implementation guidelines to assist financial institutions in establishing a sound and robust technology risk management framework.

● Cloud Computing Practice Guide: This Guide provides guidance for financial institutions using cloud computing. It outlines how to manage the risks involved and implement security controls when using cloud computing services.

● Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 37/2559, Re: Rules in Detail on Establishment of Information Technology System : The Rules set out IT governance and information security management requirements regarding establishing information technology systems for intermediaries engaged in securities services.

● Notification of the Office of the Securities and Exchange Commission No. Nor Por. 3/2559, Re: Guidelines for Establishment of Information Technology System: It is an interpretation of Rules in Detail on Establishment of Information Technology System, and it provides guidelines and best practices to meet the requirements related to the IT governance and information security management.

● SEC Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 38/2565 Re: Rules in Detail on Establishment of Information Technology Systems (2023): The Rules states specific rules released by the Securities and Exchange Commission Office for the construction of IT systems. It specifies how to analyze the confidentiality, integrity, and availability of information systems, and provides guidance for operators on how to assess the risks of, govern, and audit IT systems. Specific control requirements are described in its Appendix 1 to Appendix 4.

● SEC Notification of the Office of the Securities and Exchange Commission No. Nor Por. 7/2565 Re: Guidelines on Establishment of Information Technology Systems (2023): Issued by the Securities and Exchange Commission Office, this Notice describes SEC notices that securities market operators need to comply with and stipulates obligations of securities market operators to prove that they have complied with the requirements of each notice and comply with SEC Notification of the Office of the Securities and Exchange Commission No. Sor Thor. 38/2565 Re: Rules in Detail on Establishment of Information Technology Systems (2023). . .

● OIC Guidelines for Governance and Management for information Technology Risk for Life Insurance Companies B.E.2563 (2020): The Guidelines provides a standard of IT risk supervision and management for life insurance companies in Thailand.

● OIC Guidelines for Governance and Management for information Technology Risk for Non-Life Insurance Companies B.E.2563 (2020): The Guidelines provides a standard of IT risk supervision and management for non-life insurance companies in Thailand.

As a cloud service provider, Huawei Cloud is committed to helping you meet these regulatory requirements and continuously providing you with cloud services and environments that meet financial industry requirements.

Huawei Cloud is committed to providing you with secure infrastructure and services that meet compliance requirements. Each service has built-in security functions and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and service security provided by Huawei Cloud has been reviewed and approved by independent third-party authorities and has earned security certifications from numerous organizations.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

In addition, your services need to meet the corresponding regulatory requirements.

You can download HUAWEI CLOUD Security White Paper to view details about what Huawei Cloud and yourself are responsible for.

For more security and compliance issues, contact us or your account manager.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, including:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF) , and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3(for audit)

Learn more from Compliance Certificates in the Compliance Center.