Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) → European Union (GDPR) 🇪🇺
Regulation 2016/679 · EDPB + 27 national DPAs
European Union (GDPR) is regulated by EDPB + 27 national DPAs under Regulation 2016/679 — breach notification within 72 hours.
Certifications: CIPP/E, CIPP/A, CIPM, CIPT (IAPP), ISO/IEC 27001 Lead Auditor, ISO/IEC 27701 Lead Implementer, FIP.
European Union (GDPR) legal regime: Regulation 2016/679 — enforced by EDPB + 27 national DPAs with max fines of €20M or 4% global turnover. Schrems II — TIA required for transfers to non-adequate countries (including Thailand).
Breach notification: 72 hours — 24/7 incident hotline available.
End-to-end: Record of Processing Activities (Art. 30 GDPR · PDPA ม.39) → mapping → control implementation → EDPB + 27 national DPAs registration (where applicable) → ongoing audit.
GDPR fine avoidance — 0 enforcement actions in 4 years (n=42 EU-facing clients) via proactive DPIA + SCC + Art. 27 representative.
Coverage
How it works
- 1
Map Regulation 2016/679
Compliance plan aligned with EDPB + 27 national DPAs.
- 2
Prepare Record of Processing Activities (Art. 30 GDPR · PDPA ม.39)
14-45 working days at 55,000-185,000 บาท.
- 3
Transfer mechanism
SCC + BCR + TIA + adequacy assessment as required.
- 4
Local representative
EU Art. 27 representative — partner in Frankfurt/Dublin.
- 5
DPA registration
Notification/filing with EDPB + 27 national DPAs where required.
- 6
Ongoing monitoring
Quarterly review + annual audit + breach drill + DSAR queue monitoring.
Frequently asked questions
Which law applies in European Union (GDPR)?
Regulation 2016/679
Supervisory authority?
EDPB + 27 national DPAs
Maximum fine?
€20M or 4% global turnover
Breach window?
Within 72 hours.
Market-specific caution?
Schrems II — TIA required for transfers to non-adequate countries (including Thailand).
Local representative required?
Yes — EU Art. 27 / UK representative.
Cross-border transfer requirements?
SCC + TIA + (for CN/RU) data localisation + government security assessment.