DPO Consulting & Compliance Audit Service

Provide consultation and guidance to the organization and personnel, supporting the work of the Data Protection Officer (DPO) to ensure compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (2019). This is to ensure confidence that the organization's operations adhere to legal requirements, assess risks, develop risk reduction plans, and implement audits to ensure compliance with legal regulations. This is crucial for driving the organization to operate effectively and ensuring that its operations align with both data-related changes and legal requirements.


Details of Service

1. Knowledge Training: Building Awareness of Data Protection Laws

2. Interviews on the workflow of each department to understand the methods of handling personal data, provide recommendations to prepare documentation in accordance with legal requirements. Compiled as a Gap Analysis Report and Treatment Plan

3. Provide consultation on establishing a personal data breach management system, data subject right management, provide advice on practical guidelines in the management of work related to personal data and recommendations for conducting operations and guidance on preparing relevant documentation

4. PDPA audits, review document usage and management processes, and prepare summarized reports for presentation to the management team (1-2 times/ year)

5. Service Duration: 1 year


Service Rates

** Depend on the size and activities of the organization



1. Provide consultation and guidance to the organization on compliance with the Personal Data Protection Act

2. Gap Analysis Report and a Risk Management Treatment Plan

3. Advice on the preparation of documents in accordance with relevant laws

4. Audit Report


This service is suitable for


What the clients need to prepare

1. A company that has appointed a Data Protection Officer and seeks to support the work of the Data Protection Officer (DPO)

1. The company will receive guidance, including instructions for compliance with the provisions of the Personal Data Protection Act

2. The company will undergo audits and receive reports on standards, recommendations, and appropriate operational guidelines for the business

3.Receive consultation on the conduct of business operations

1. Prepare information related to controls for compliance with the PDPA for use in interviews and audits


Related services

1. Internal Audit (IA)

2. Enterprise Risk Management (ERM)


Please contact

Ms. Kantima Humakorn 02-596-0500 ext. 327