Press enter to see results or esc to cancel.

Our brand new GDPR and Employee Benefits guide is now released!

On the 28th of February, the National Legislative Assembly has endorsed the Thailand Personal Data Protection Act (PDPA), which aims to reinforce the protection of personal information in the Land of Smiles. Although the new law has drawn several key concepts from the EU General Data Protection Regulation (GDPR), these two laws do have different compliance requirements and it is crucial for businesses to understand both laws in order to avoid any breaches and fines.

In light of this, our team of experts at Pacific Prime has compiled an exhaustive guide on the GDPR and Employee Benefits – a welcome addition to our rich collection of guides and reports – to educate our readers on this intricate subject. Get your free copy today to obtain thorough answers to the following questions:

  • What is the GDPR?
  • Who does the GDPR apply to?
  • What are the risks of non-compliance with the GDPR?
  • What are the key GDPR terms you need to know?
  • What should employers be aware of as it pertains to the GDPR?
  • How does the GDPR impact global employee benefit plans?
  • How can your business mitigate GDPR risks?

In this article, we will only provide a pared-down look at some of the valuable contents in our comprehensive guide. So if you are looking to gain access to the complete version of the guide’s key insights and in-depth information, you can download your complimentary copy of our GDPR and Employee Benefits guide here.

Corporate insurance banner

What is the GDPR?

In a nutshell, the GDPR is the latest personal data protection framework in Europe, which has fundamentally reshaped the landscape of data protection on a global scale. The purpose of this new law is to offer greater certainty about security and privacy to individuals, whilst ensuring businesses are open to their customers and staff about what and how information is kept.

The reason that the GDPR has such a far-reaching effect is because the regulation is not only applicable to individuals, organizations, and companies located in the EU, but also those outside the EU as long as they hold personal data of European residents or offer goods/services to them. So a prime example will be brokers and insurers that offer employee benefits to EU residents – they will have to be GDPR-compliant or face the risk of hefty fines.

And if your business has a presence in Europe, it is your responsibility to identify EU/EEA residents within the user base and stick to the regulation for this particular group of users; or apply GDPR-compliant standards to all of its users.

If you are not sure about whether your business has to adhere to the regulation, you may refer to the European Commission’s website for more information.

What are the risks of non-compliance with the GDPR?

Other than its far-stretched jurisdiction and substantial influence, another great concern among businesses as it pertains to the GDPR is its exorbitant fines for non-compliance. Any entities that have committed major infringements, such as violating the basic principles of processing personal data, are subject to a fine of up to EUR 20 million (Baht 71 million), or 4% of their worldwide annual revenue of the previous fiscal year (whichever is greater).

Meanwhile, there also exists some lower-level fines for relatively minor infringements, and those in violation can be fined for up to EUR 10 million (Baht 35 million), or 2% of their worldwide annual revenue of the previous fiscal year (whichever is greater).

In addition to the fines, companies may also have to bear the investigation costs, legal expenses, and additional fines from the data protection regulators of certain countries.

How will the GDPR influence employers and employee benefits?

In this digital era, human resource administrators will inevitably have to handle a whole host of employee data, everything from traditional paper forms of group health and life insurance, to digital products such as health monitoring apps and wearable tech gadgets. Other than employers themselves, third-parties such as employee benefits providers can also store a significant amount of employee data. Hence, it is of utmost importance that these parties meet the compliance requirements of the GDPR to avoid the potentially severe fines, especially since cyber attacks are getting more prevalent these days.

In the meantime, the introduction of the GDPR is making things more complex for multinational enterprises that offer global employee benefits such as international health insurance, as the employer will have to first figure out how to cope with the regulatory obstacles in each jurisdiction and restructure their plans should this be necessary. This may lower the incentives of employers in offering these benefits.

Corporate Insurance CTA Banner

Pacific Prime and the GDPR

As a leading insurance broker and employee benefits solutions expert, Pacific Prime is dedicated to protecting the personal data of our clients and uphold the most stringent GDPR compliant standards. For example, we will only transfer personal data to third parties (i.e. insurers) when it is absolutely necessary for our services, and with the contractual assurances for data protection. On top of that, all of our client and employee data is stored on our server, which is secured by a dual-firewall architecture.

With a specialized Data Protection Officer and our own data protection strategy, we have leveraged our solid relationships with GDPR-compliant insurers to deliver employee benefits solutions to over 3,000 corporate clients, including renowned global multinationals and educational institutions with EU/EEA staff.

If you have anything to ask pertaining to GDPR compliance, download our easy-to-digest GDPR and Employee Benefits Guide to obtain answers to your questions and familiarize yourself with the ins and outs of this subject today.

For a full list of insurance products we offer, you can view our company website. Feel free to contact our experts today for impartial insurance advice, an obligation-free quote, and a plan comparison!


Content Creator at Pacific Prime Thailand
Anthony Chan is a content writer at Pacific Prime. He’s responsible for writing, translating, and editing articles, guides, infographics, leaflets, as well as other resources for Pacific Prime and Kwiksure.

When he’s not working, he’s usually on the hunt for great restaurants, playing badminton, and writing screenplays.