Prepare an audit plan (Audit Plan) by defining the objectives, scope of inspection, techniques, procedures, and operational details required by the Personal Data Protection Act 2019
 

Conduct personal data protection audits to ensure that the company has adequate and appropriate personal data protection measures to prevent any unauthorized or misleading collection, use, or disclosure of personal information, as required by the Personal Data Protection Act (2019), covering the following topics:

1. Formation of Privacy Policy and Privacy Notice

2. Maintaining records of personal data processing activities

3. Personal Data Classification

4. Data Protection Impact Assessment and Risk Assessment

5. Management of requests and withdrawals of consent (including Cookie Consent)

6. Management according to the rights of the personal data subject

7. Disclosure of personal information to outside agencies or sending or transferring personal data to agencies abroad (Third Parties / Cross-Border Data Transfer)

8. Deleting, destroying, or making personal information non-personally identifiable after the expiration of the retention period or which is not related to or beyond the necessity to collect that personal data or as requested by the data subject or where the owner of the personal data has withdrawn his consent

9. Management of personal data breach incidents

10. Formation of an agreement between the data controller and the data processor (Data Processing Agreement)

11. Auditing information security controls, such as access controls, storing personal information activity logging (Logs), etc.
     

We met with the company's staff and management to discuss the audit's conclusion and to confirm the correctness of the detected issues, find solutions, and prepare a draft audit report outlining the findings. Clarifications of the company's relevant executives, risks, impacts, and actionable suggestions for improvement to the company's management for acknowledgement.
 

Prepare the final Audit Report and present it to the Audit Committee, including giving advice and answering questions, as well as discussions with the Audit Committee about improvements to the company's operations.