PDPA for GDPO I ep.4: When a customer asks for their personal data to be deleted, must it be deleted?

TDGA (Thailand Digital Government Academy)
18 Apr 2023 09:29

Summary

TLDR: The video explains how financial institutions handle customer requests for data deletion under Thai law. Even if a customer asks for their data to be deleted, the company must retain records for at least 10 years due to PDPA and AMLO regulations, especially to prevent money laundering and comply with financial reporting requirements. The discussion covers scenarios where accounts are closed or ongoing, emphasizing that customer consent is not required for legally mandated retention. It also highlights the importance of documenting requests, informing customers of retention reasons, and following internal compliance procedures for risk management and regulatory audits.

Takeaways

  • Customers may request deletion of their personal data, but financial institutions cannot always comply due to legal obligations.
  • Financial institutions are considered data controllers and must manage personal data in compliance with the law.
  • The Personal Data Protection Act (PDPA) and Anti-Money Laundering Office (AMLO) regulations require retention of certain financial records.
  • Data related to financial transactions must be retained for at least 10 years after account closure or contract termination.
  • Customer consent is not required for retaining data if retention is legally mandated.
  • Deletion requests should be refused with a clear explanation citing the legal basis for retention.
  • All refusals and relevant details (date, time, reason) must be properly recorded for regulatory inspections.
  • Even if a contract is canceled early, data must still be kept for the prescribed retention period.
  • Privacy notices or consent forms should inform customers about mandatory retention periods and reasons for data storage.
  • Staff must verify customer identity before processing any data-related requests to ensure proper compliance.
  • Retention of data is essential for preventing money laundering and monitoring large financial transactions, including gold, gems, real estate, and electronic payments.
  • The law sets a maximum retention period of up to 15 years in certain circumstances, although the standard period is 10 years.
  • Employees should follow structured procedures to handle deletion requests while ensuring legal compliance and proper documentation.

Q & A

  • Why can't a company delete customer data when requested, according to the script?

    - A company cannot delete customer data when requested because legal regulations often require certain data to be retained for a specified period (e.g., 10 years) to comply with laws such as anti-money laundering and financial regulations.

  • What is the legal basis for retaining customer data for up to 10 years?

    - The legal basis for retaining customer data for up to 10 years is primarily to comply with laws related to anti-money laundering (AML) and other financial regulations. These laws require businesses to store certain transaction and customer data for extended periods for inspection and regulatory purposes.

  • Can customers request the deletion of their data after they have closed their account?

    - While customers may request the deletion of their data after closing an account, the company may be unable to fulfill this request if the data is required by law to be retained for a set period, such as 10 years.

  • What are the exceptions to deleting customer data?

    - The main exception to deleting customer data is when the data is necessary for legal compliance, such as preventing fraud, money laundering, or meeting other regulatory requirements. In these cases, the company is legally obligated to retain the data for a specified period.

  • How should companies inform customers about data retention requirements?

    - Companies should inform customers about data retention requirements through clear privacy notices or privacy announcements. These notices must state that the company will retain data for a specific period (e.g., 10 years) even after the customer relationship ends.

  • What should a company do if a customer insists on data deletion?

    - If a customer insists on data deletion, the company must explain that the data is being retained due to legal requirements, such as anti-money laundering laws. The company should provide a clear reason and cite the relevant laws to justify the retention.

  • Does the customer have the right to refuse the retention of their data after account closure?

    - No, the customer does not have the right to refuse the retention of their data after account closure if the data is required by law. Financial regulations mandate that data must be retained for specific periods, and customers cannot opt out of this requirement.

  • What types of financial services are impacted by these data retention regulations?

    - Financial services such as loans, electronic payments, ATM transactions, credit cards, and currency exchange are impacted by these data retention regulations. These services are subject to anti-money laundering laws, which require the retention of customer and transaction data.

  • What are the potential consequences if a company fails to comply with these data retention laws?

    - If a company fails to comply with data retention laws, it could face legal penalties, fines, or regulatory action. This could result in significant financial and reputational damage to the business.

  • Why is it necessary for companies to verify customer identities, as mentioned in the script?

    - It is necessary for companies to verify customer identities to prevent fraud and money laundering and to ensure that the company complies with legal and regulatory requirements. Verifying identities helps ensure that customers are legitimate and that financial transactions are legal.
