Our Services
KAP-Cloud is the affiliation of Kudun and Partners focusing exclusively on data privacy, data protection, and cybersecurity law. As the dedicated Data Privacy and Protection Practice of the firm, our team continue to offer not only data privacy advice but also business solutions through our technology partners for both public and private companies as well as local and international companies in various industries including businesses with the primary purpose of handling personal data of customers or third parties, education, consumer goods, financial institutions, technology service providers, and consulting companies with their data privacy and data security obligations.
Even when new data protection regulations and developing technology increase the complexity of our clients’ compliance obligations, we emphasize on practical solutions for today’s businesses, in line with Kudun and Partners aspiration of providing legal services with a business mind.
Our goal is to understand what’s affecting your business and discuss with you ideas and solutions to help you manage risks, exploit growth opportunities, and deliver advice that is both strategic and commercial.
We assist our clients in assessing their data governance, tighten the noose on potential data security breaches and provide pragmatic solutions in compliant with the law, including:
1. Data Privacy Regulations and Policies
We evaluate the company’s privacy regulations and policies with the purpose of developing rules to safeguard personal data of customers and employees while still pursuing the company’s commercial objectives. We also advise companies on the acquisition and retention of personal data in accordance with applicable legislative and regulatory requirements.
2. Data Analysis/ Gap Analysis Including Data Mining
Using our approach and data mining methodologies, we will work with you to collect and record your compliance status. We make every effort to gather all necessary information from relevant business units in order to complete the audit in the most effective way possible. After the process is completed, you will have a comprehensive understanding of your compliance gaps and how to address them, as well as a set of recommendations.
3. Compliance On Data Transfers, Data Controllers And Data Processor Agreements
We evaluate the company’s privacy regulations and policies with the purpose of developing rules to safeguard personal data of customers and employees while still pursuing the company’s commercial objectives. We also advise companies on the acquisition and retention of personal data in accordance with applicable legislative and regulatory requirements.
4. Data Security Issues On Cloud Storage And Outsourcing Services
More and more workloads are being moved to the cloud by businesses and governments. However, due to persisting worries about data security in cloud computing, some businesses remain resistant to the cloud’s many benefits. The main security risks of cloud computing include but are not limited to compliance violations, identity theft, data breaches and diminished customer trust leading to potential revenue loss. We partner with some of the most innovative tech companies that can help you with your cloud storage and outsourcing needs while keeping you compliant.
5. Data Security Issues On Website and Social Media
According to recent surveys, 80% of individuals are concerned about who has access to personal data on social networking platforms. Nearly a quarter of social media users have been hacked, with the July 2020 Twitter hack sparking greater doubt about the efficiency of the service providers’ security procedures. It is critical to have a full grasp of any platform’s privacy policies to use your social media account, both business and personal, safely and securely. We guide you and provide you with the right questions and solutions so that you will not put personal data at risk.
6. Internal Consents
Consent, legal obligation, public interest, and legitimate interest are all legal justifications for processing personal data under the PDPA. Similar to the GDPR, Thailand’s PDPA mandates that unambiguous, explicit consent must be obtained on or before the acquisition of personal data. The law goes on to state that consent requests should not be false or misleading. We assist you in creating relevant legal documents that request explicit consent and are not misleading.
7. Privacy Notices
We assist you in navigating complicated and often contradictory requirements to develop transparent, concise, and accurate privacy notifications and online privacy policies that notify consumers, vendors, and business partners of your data usage policies.
8. Use of Encryption Devices of Employees
We assist you in developing handheld devices management rules to avoid data leaks in your company as employees increasingly work from their own devices and offsite. In addition, we provide guidance to businesses on employee data and monitoring laws and regulations.
