
EU GDPR Compliance Pack (Regulation 2016/679)

European Data Protection Board (EDPB) + national DPAs · For EU-facing SaaS · International e-commerce · Cross-border HR/payroll

From 185,000-650,000 baht · 30-90 working days

EU GDPR Compliance Pack (Regulation 2016/679) is a core privacy-program deliverable aligned with guidance from the European Data Protection Board (EDPB) and the national DPAs. It reduces exposure to DPA fines, sustains customer trust, and supports vendor audits and privacy due diligence in M&A.

Certifications: CIPP/E, CIPP/A, CIPM, CIPT (IAPP), ISO/IEC 27001 Lead Auditor, ISO/IEC 27701 Lead Implementer, FIP.

EU GDPR Compliance Pack (Regulation 2016/679) takes 30-90 working days at 185,000-650,000 baht and includes gap analysis, drafting, implementation, training and ongoing support.

We coordinate with PDPC Thailand, the EDPB and the destination DPAs, whether the destination has an adequacy decision or is a third country where a post-Schrems II transfer impact assessment is required.

Privacy program coverage: PDPA Pack · GDPR Pack · CCPA · DPO · DPIA · ROPA · SCC/BCR · Breach · CMP · DSAR · Privacy Policy · ISO/IEC 27701.

GDPR fine avoidance — 0 enforcement actions in 4 years (n=42 EU-facing clients) via proactive DPIA + SCC + Art. 27 representative.

How it works

  1. Data discovery + mapping

     System audit + data-owner interviews + identification of processing activities + data-flow diagram.

  2. Gap analysis + risk

     Map against PDPA/GDPR/CCPA + risk register + DPIA for high-risk processing.

  3. Drafting + controls

     Draft policies + procedures + Art. 28 data processing agreements + consent + security controls per NIST SP 800-53 / ISO/IEC 27001 Annex A.

  4. Implementation + training

     Roll out CMP/DSAR portal + train DPO + staff awareness + privacy-by-design checklist.

  5. Audit + ongoing support

     Annual audit + monthly DPO report + breach drills + ROPA refresh + DPA inspection prep.

Frequently asked questions

Who needs EU GDPR Compliance Pack (Regulation 2016/679)?

EU-facing SaaS, international e-commerce, cross-border HR/payroll, and any organisation that is established in the EU or that offers goods or services to, or monitors the behaviour of, data subjects in the EU (GDPR Art. 3).

Total cost?

185,000-650,000 baht, scaling with organisation size and the number of processing activities.

Timeline?

30-90 working days — faster if ISO 27001 baseline exists.

Is a DPO mandatory?

PDPA Sec. 41 requires a DPO for public authorities, for core activities that involve large-scale regular monitoring of data subjects, and for core activities that involve sensitive personal data. GDPR Art. 37(1) sets essentially the same three triggers (public authority, large-scale regular and systematic monitoring, large-scale special-category or criminal data), so an EU-facing Thai organisation that needs a DPO under one regime usually needs one under the other.

Can we notify the regulator within 72 hours?

GDPR Art. 33 requires notification to the competent supervisory authority without undue delay and, where feasible, within 72 hours of the controller becoming aware of a personal-data breach; PDPA Sec. 37(4) sets the same 72-hour clock for PDPC. The Tier-1 incident runbook included in the pack triages likelihood and severity within 24 h of awareness so that the notify/no-notify decision, and any Art. 34 notification to affected data subjects, is made within the 72-hour window.

What is required for cross-border transfers?

Under GDPR Chapter V (Arts. 45-49): an adequacy decision, appropriate safeguards such as SCCs or BCRs, or an Art. 49 derogation such as explicit consent; PDPA Secs. 28-29 mirror these options. We draft the SCCs and the transfer impact assessment (TIA) that Schrems II requires before relying on SCCs for a transfer to a non-adequate country.

DSAR SLA?

GDPR Art. 12(3): one month from receipt, extendable by two further months for complex or numerous requests provided the data subject is told of the extension within the first month · PDPA Sec. 30: 30 days · CCPA: 45 days, extendable once by a further 45 days. The DSAR portal tracks every deadline and extension.

Does ISO 27701 require ISO 27001?

Yes. ISO/IEC 27701 is an extension of ISO/IEC 27001 and 27002 and can only be certified together with an ISO/IEC 27001 certification (combined implementation 9-12 months).
