Category: Featured

The Asialaw Profiles 2023 rankings have been released, and Blumenthal Richter & Sumet (BRS) has received a ranking for Real Estate in the highest tier for this category in Thailand. Our Real Estate practice was ranked as “Highly Recommended”.

It is commented in the editorial of the rankings that BRS “assists both international and domestic companies in expanding into new markets, growing their businesses and navigating regulatory frameworks”.

The rankings are determined based on independent market research, interviews, client feedback, peer reviews and law firm submissions. Factors that have a large impact on the rankings include type of work handled by the law firms, client service and strength of the practice. Achievements that are above what is normally expected, including engagement in the legal community, legal advocacy and corporate social responsibility initiatives, are taken into account.

Asialaw Profiles is a guide to the leading law firms in Asia.

Blumenthal Richter & Sumet (BRS) attended the “Hear the Future, the Future is Here: Summer Legal Internship Fair 2023” at Chulalongkorn University, on 14 September 2022. The university organized lectures to prepare students for applying to internships and law firms provided information about their internship programs, including BRS where our team members gave out information on our Summer Internship Program for Young Lawyers 2023.

BRS is inviting 3rd and 4th year law students as well as new graduates from Thailand to apply for our internship program which will last for eight weeks from June to July 2023. Interns will have the opportunity to work on a variety of matters in practices including Corporate and M&A, Tax and Customs, Real Estate as well as Litigation and Dispute Resolution. In the event you would like more information, please visit here to read about our Summer Internship Program for Young Lawyers 2023.

Anuwat Ngamprasertkul and Piniti Chomsavas

The public and private sectors have had around three years to study, check their readiness and adapt to comply with the Personal Data Protection Act B.E. 2562 (2019) (“Personal Data Act”) from the date of publication in the Government Gazette on 27 May 2019 until the date the law was fully enforced on 1 June 2022. The Personal Data Act is a new law that introduces legal principles aimed at protecting the rights of personal data subjects and controlling the collection, processing or disclosure of personal data by data controllers or data processors. In the early stages of enforcement, there may be obstacles to compliance unless there are guidelines and awareness of the legal burdens and penalties in particular.

From the author’s experience of studying the law, the Personal Data Act and the General Data Protection Regulation, including guidelines for interpretation and judgments of various agencies in the European Union, have provided opportunities for organizations to prepare for and comply with personal data protection laws. Therefore, the author would like to provide the steps to prepare for compliance with the Personal Data Act to create awareness, enhance understanding and identify related legal issues. The steps are as follows.

1. Data Discovery to determine whether the organization collects, processes or discloses “personal information”, and to be able to identify the status and roles of data controllers or data processors as defined under the law to determine different obligations and liabilities as required by the law.

2. Data Classification to categorize the types of personal data that exist, including sensitive personal data under the Personal Data Act, and determine whether personal data has a high risk of causing damage to data subjects.

3. Purpose Identification to evaluate and review the purposes for the collection, processing or disclosure of personal data, and attempt to reduce the unnecessary storage of personal data (data minimization).

4. Legal Basis by obtaining consent to process the personal data of the data subject above, or have other legal bases that allow the collection, processing or disclosure of personal data.

5. GAP Analysis by assessing whether the organization has performed its duties in full compliance with the law as well as the extent that activities related to personal data have exposed it and the impact on data subjects in order to determine the proper safeguards.

6. PDPA Compliance by preparing the relevant documents, policies, procedures and guidelines for compliance with the law by providing complete documentation and procedures as required by the law such as privacy notice, consent forms, data processing agreements with personal data processors and practice guidelines to reduce risks by establishing policies, regulations or guidelines within the organization and arranging training for employees or related personnel.

Understanding the Personal Data Act, analyzing potential legal issues and establishing guidelines for preparing to comply with personal data protection laws are very important and useful to both lawyers and law enforcement agencies in reviewing the readiness of organizations and the award of penalties, including business operators who are obliged to comply with the law either as data controllers or data processors and most importantly all data subjects who are protected under the Personal Data Act.

The above article is an abstract. In the event you would like to read the full article (in the Thai language), please visit the website of the Office of Judicial and Legal Affairs.

Disclaimer:

The article above is general information only and is not intended to be relied on or be a substitute for specific professional advice. Blumenthal Richter & Sumet Ltd. will not accept responsibility for any losses or damages that are incurred by any person taking an action because of the information in this article.

In the event you have any questions regarding the above regulations or PDPA compliance, please contact Anuwat Ngamprasertkul, Partner as well as Head of Litigation and Dispute Resolution and Co-Head of Tech-Media-Telecoms (TMT) at Blumenthal Richter & Sumet, at [email protected] or +662-022-1022.

Blumenthal Richter & Sumet has opened applications for the firm’s Summer Internship Program for Young Lawyers 2023, which will take place from June to July 2023. Applicants have to send their CV, cover letter, transcript and application form (details below) by 31 October 2022 to [email protected].

 

Blumenthal Richter & Sumet (BRS) is hiring a Junior Lawyer to work in Corporate and Real Estate. Interested candidates should please send their resume and references to [email protected].

We offer attractive remuneration and the opportunity to develop professionally in an established international legal practice. All applications will be treated as strictly confidential. Only shortlisted candidates will be notified.

BRS assists clients to make confident business decisions. We are commercial and responsive. Efficient and pragmatic. And in a fast-changing world, we create simplicity for clients in the face of increasing complexity for them to make the right decisions, achieve their strategic priorities and identify new opportunities. We take the time to understand each of our client’s unique needs, and provide a solutions-driven commercial view with real in-depth knowledge of clients’ sectors and markets.

For over 40 years, our licensed Thai, European and U.S. attorneys have worked at our clients’ side, understanding their business while serving as a trusted counterpart who knows the law. Assisting clients as a team, we collaborate with them to navigate not only the legal issues but the regulatory aspects impacting their business sectors.

The Tax and Customs practice at Blumenthal Richter & Sumet has been nominated for the Thailand Tax Disputes Firm of the Year Award in the International Tax Review Asia-Pacific Tax Awards 2022. The awards celebrate the top tax, transfer pricing as well as tax disputes teams and practitioners in the region. Also, the awards recognize achievements in tax technology, innovation, policy, compliance and reporting as well as diversity, equity and inclusion.

The winners will be announced on 25 August 2022.

Please visit the International Tax Review website for the full list of nominations.

Anuwat Ngamprasertkul and Piniti Chomsavas

On 20 June 2022, the Personal Data Protection Committee (“PDPC”) announced 4 new sub-regulations of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) in the Royal Gazette. The PDPA was fully enforced on 1 June 2022 after it was postponed for 3 years to provide more time to all business operators to prepare for compliance.

The new sub-regulations are as follows:

1. PDPC Notification RE: Exception to the Record of Data Processing Activities for Small-Sized Organizations

This regulation provides an exemption from maintaining a full Record of Data Processing Activities (“ROPA”) to small-sized organizations as follows:

• Small and medium enterprises
• Community enterprises
• Social enterprises
• Household enterprises
• Cooperatives
• Foundations, Associations, Religious Organizations and NGOs

However, such small-sized organizations will not be exempt if they are:

• a service provider that is required to record computer traffic under the Computer Crime Act; or
• those who collect, process or disclose personal data as follows:
  • personal data that affects the rights and freedom of data subjects;
  • personal data that is not collected, processed or disclosed temporarily; or
  • sensitive personal data under Section 26 of the PDPA.

This sub-regulation will reduce the cost of preparing and maintaining the ROPA for small-sized organizations. However, small and medium enterprises are highly recommended to have a data inventory to explore the personal data lifecycle which flows inside and outside their organization in order to determine the proper lawful bases, safeguards, policies, documentation and other measures for compliance with the PDPA.

This regulation is effective from 21 June 2022 onwards.

2. PDPC Notification RE: Data Security Measures of Data Controllers

This regulation sets out the minimum requirements for data controllers to implement adequate technical, physical and organizational data security measures to prevent the unauthorized or unlawful loss, access, use, change, amendment or disclosure of personal data.

Data controllers are required to raise the awareness of employees and related persons to understand and ensure compliance with internal policies and procedures, for example, by arranging training on the PDPA.

Also, data controllers are required to ensure that the data processor has adequate measures to protect data security. Data controllers should add clauses on this to the Data Processing Agreement with the data processor.

This regulation is effective from 21 June 2022 onwards.

3. PDPC Notification RE: Criteria for Rendering Administrative Penalties by Specialist Committee

This regulation sets out the administrative authority granted by the PDPC to the Specialist Committee in its review of administrative penalties for violations of the PDPA.

The Specialist Committee shall review the administrative penalties based on the criteria as follows:

• Details of the violation, especially in the case of intentional and willful misconduct, gross negligence or lack of reasonable care;
• Severity of the violation;
• Business size of the data controller or data processor;
• Result of mitigation or reduction of damage to the data subject from administrative penalties that will be enforced;
• Impact of administrative penalties on the data subject, data controller, data processor, offender and related business or third party operators broadly;
• Severity of violations and amount of damages;
• Standard of administrative fines and enforcement measures previously used on other data controllers or data processors in similar offenses (if any);
• Previous administrative penalties enforced against data controllers and data processors including relevant persons of the juristic entity;
• Standard of responsibilities of the data controller at the time of violation;
• Code of ethics, business practice and standard of data security implemented by the data controller or data processor at the time of violation;
• Remedy and mitigation of damage by the data controller or data processor when they have knowledge of a violation;
• Compensation paid to a data subject; and
• Other related facts.

The administrative penalties or measures are ranked from a warning to orders to take corrective action, refrain from non-compliance, prohibit specific actions and limit personal data processing as well as a fine. A failure to pay a fine within the specified period will lead to a seizure, attachment or auction sale.

This regulation is effective from 21 June 2022 onwards.

4. PDPC Notification RE: Criteria and Methodology to Prepare and Maintain the ROPA for Data Processors

Data processors are required to record and maintain in the ROPA at least the details as follows:

• Name and information of the data processor and sub-data processor (if any);
• Name and information of the data controller who engages the data processor and its agent (if any);
• Name and information, contact details and method to contact the data protection officer (if any);
• Category and information of collection, process and disclosure of personal data which is processed under the instruction or on behalf of the data controller, including details of the personal data and purpose which is designated by the data controller;
• Category of the person or organization who will receive the cross-border transfer of personal data (if any); and
• Details of security measures pursuant to Section 40 paragraph 1 (2) of the PDPA.

The ROPA may be in written or electronic form and is required to be kept in the event of an inspection by the Data Controller or PDPC. Also, it must be easily accessible at the request of a designated person.

The Data Processor’s ROPA has fewer elements compared to the Data Controller’s requirements, but there may be cases where the company has both roles when processing personal information for different purposes. Therefore, it is recommended for the data processor to determine which personal data they collected, processed and disclosed beyond the responsibility as a data processor under any other lawful basis, or as a data controller for their own personal data usage, for the details to be recorded in their own ROPA.

This regulation will be effective in 180 days after 20 June 2022 which is 17 December 2022 onwards.

In the event you have any questions regarding the above regulations or PDPA compliance, please contact Anuwat Ngamprasertkul, Partner as well as Head of Litigation and Dispute Resolution and Co-Head of Tech-Media-Telecoms (TMT) at Blumenthal Richter & Sumet, at [email protected] or +662-022-1022.

Blumenthal Richter & Sumet (BRS) is hiring an attorney in the firm’s Litigation and Dispute Resolution practice with 1-3 years’ experience. Interested candidates should please send their resume and references to [email protected].

We offer attractive remuneration and the opportunity to develop professionally in an established legal practice. All applications will be treated as strictly confidential. Only shortlisted candidates will be notified.

Blumenthal Richter & Sumet is commercial, responsive and efficient. In a fast-changing world, we create simplicity for clients in the face of increasing complexity for them to make the right decisions, achieve their strategic priorities and identify new opportunities. We take the time to understand each of our client’s unique needs, and provide advice with in-depth knowledge of your sectors and markets.

For over 40 years, our licensed Thai, European and U.S. attorneys have worked at our clients’ side, understanding their business while serving as a trusted counterpart who knows the law. Assisting clients as a team, we collaborate with them to navigate not only the legal issues but the regulatory factors impacting their business sectors.

Blumenthal Richter & Sumet (BRS) is hiring an individual with 3+ years’ experience in the firm’s Tax practice group who will also work on Corporate matters. Interested candidates should please send their resume and references to [email protected].

We offer attractive remuneration and the opportunity to develop professionally in an established legal practice. All applications will be treated as strictly confidential. Only shortlisted candidates will be notified.

Blumenthal Richter & Sumet is commercial, responsive and efficient. In a fast-changing world, we create simplicity for clients in the face of increasing complexity for them to make the right decisions, achieve their strategic priorities and identify new opportunities. We take the time to understand each of our client’s unique needs, and provide solutions with in-depth knowledge of your sectors and markets.

For over 40 years, our licensed Thai, European and U.S. attorneys have worked at our clients’ side, understanding their business while serving as a trusted counterpart who knows the law. Assisting clients as a team, we collaborate with them to navigate not only the legal issues but the regulatory aspects impacting their business sectors.

Mr. Teerasitsathaporn is a highly energetic individual who brings a high level of passion and commitment to every case that he handles. With over 25 years of experience, he is well-versed in handling both domestic and foreign clients and has a proven track record in handling a broad range of complex, high-stakes civil and criminal cases for multinational companies, SMEs, and individuals in Thailand.

Mr. Teerasitsathaporn additionally has expertise in customs law, where he has significant experience in helping clients resolve disputes over customs assessments and submitting appeals to the Board of Appeal (BOA) at the Customs Department. He is also well-versed in filing complaints to revoke BOA decisions, which demonstrates his strong advocacy skills. Mr. Teerasitsathaporn has also gained extensive experience in prosecuting and defending against fraud, forgery, and other white-collar crime matters.

Before becoming a partner at Blumenthal Richter & Sumet, Mr. Teerasitsathaporn was a partner and a commercial lawyer at a well-established international law firm with offices in Thailand, where he was entrusted to advise clients on various litigation, corporate and commercial matters.

He is a member of the Thai Bar Association and the Chartered Institute of Arbitrators, and he previously served as the Director of the Notary Public Certification Examination Committee.

In September 2020, he was appointed as an arbitrator by the Thai Arbitration Institute (TAI) and is authorized to carry out the duties of an arbitrator for cases held at the TAI.