The law requires an organisation to protect personal data in its possession or under its control by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. The destruction of electronically stored personal data should be appropriate for the level of sensitivity of the data involved. It should be noted that even if a file is deleted from the hard disk, it is possible to recover such deleted files. Measures such as secure erasure, degaussing and incineration can reduce the chance of this happening. The penalty and fine for breaching data protection law in Thailand is a serious offence: Crime Penalty Imprisoned up to 1 year, or fine up to 1 million baht, or both. Civil Penalty In case there is any actual damaged occurred, compensate 2 times of the actual damage caused. Administrative Penalty Fine up to 5 millions baht. This round table serves to prepare the C level to provide all necessary leadership on setting up the right team and accountability from role of processing data - " data controller", "data processor", "data owner". How to handle incidents if it occured or a reported breach? What are the impact to business? Why the check list of data protections compliance is critical? What level of training needed? When, where and how to monitor? How to get trained? Who will audit? In the 3 hours, leaders gets to learn and exchange their thoughts on best practices.