DPO as a Service / Outsourced DPO

Legal advice
When do you need a Data Protection Officer (DPO)?

You are required to appoint the DPO if you

  • a  are a public authority or body;
  • b  regularly and systematically monitor data subjects on a large scale, for example, using video surveillance cameras, geolocation, or tracking; or
  • c process a large number of sensitive personal data, in particular related to health, genetics, biometrics, and information on which it is possible to establish racial or ethnic origin, political views, religious or philosophical views
Can the DPO function be outsourced ?

Yes, it can. According to Section 41 of the Thai Personal Data Protection Act B.E. 2562, the data controller or the data processor may have a competent DPO on staff or outsource the function of the DPO.

It is good to have an in-house DPO as he or she understands the processes within your organizations well and is easily accessible. However, it is difficult for the organization to recruit those who have expertise in the data protection law and practices because the data protection law is quite new to Thailand. Those with the good experience and expertise usually come with the high pay rates. Therefore, it is much easier and more cost efficient for the small and medium businesses to outsource the DPO to support their compliance with the data protection law.


Contact us The benefits of our services

Qualified consultants

  • Our specialists have expert knowledge of data protection law and practices with international certificates


  • We provide flexible committed support in order for you to comply with the PDPA
  • If you need additional hours, we are happy to serve you

Lower costs

  • You can save your recruitment costs by using our outsourced DPO services

Contact us today to discuss on your specific requirements for implementation and compliance with the PDPA

Languages »