How does Kooru Data Shield differ from engaging a traditional law firm for PDPA compliance?

Traditional law firms and general PDPA consultants typically conclude their engagement by delivering a set of paper documents — policy templates, gap reports, and written recommendations. Kooru Data Shield goes significantly further: it provides a purpose-built SaaS (Software-as-a-Service) platform that enables your organisation to manage its Record of Processing Activities (ROPA) and Data Subject Access Requests (DSARs) on an automated, ongoing basis. The system is designed for operational simplicity — no specialist IT knowledge is required — and is available at a fraction of the cost of retaining traditional legal counsel for equivalent compliance outcomes.

What is included in the ฿5,900 Starter Package, and how quickly will I receive deliverables?

The ฿5,900 Starter Package comprises two core deliverables: (1) a Gap Analysis Report, which systematically identifies your organisation's current data protection risk exposures and areas of non-compliance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA); and (2) a PDPA Roadmap, providing a structured, prioritised action plan tailored to your business context. Upon receipt of all required organisational information, the preliminary report is delivered within three (3) business days. This package is designed to give business owners and executives a clear, actionable picture of where they stand — and precisely what must be done to achieve and maintain compliance.

Does Kooru Data Shield support sensitive personal data for clinics and healthcare operators?

Yes. Kooru Data Shield includes a dedicated Healthcare Package specifically engineered for operators who process special categories of personal data — including health records, medical histories, and clinical information — as defined under Section 26 of Thailand's PDPA. This package places particular emphasis on Data Protection Impact Assessments (DPIAs), a mandatory requirement under the PDPA where processing activities are likely to result in high risk to data subjects. System configurations are aligned with applicable health data security standards and are structured to support regulatory inspection and audit readiness, including review by the Office of the Personal Data Protection Committee (PDPC).

Where is data stored within Kooru Data Shield, and what security standards apply?

All organisational data processed through Kooru Data Shield is stored on Supabase — an enterprise-grade, globally recognised database infrastructure that applies end-to-end encryption both at rest and in transit. Critically, the platform is configured such that your organisation retains 100% ownership of its data account. Kooru's role is limited to that of a system implementer and service provider; Kooru does not access, use, or commercialise your data in any form. This architecture is designed to satisfy the data controller obligations imposed on your organisation under Sections 37 and 40 of the PDPA.

Can employees without any IT background use the Kooru Data Shield system effectively?

Absolutely. Kooru Data Shield has been designed from the ground up with non-technical end users in mind. The user interface mirrors the intuitive experience of a standard website — navigation is straightforward, and data entry is structured around simple, guided form inputs. No specialist IT knowledge or legal training is required for day-to-day operation. To further support your team, the platform provides a comprehensive Thai-language video tutorial library, accessible on-demand, allowing staff to revisit guidance at any time without dependency on external support.

How does the automated ROPA system benefit business owners compared to maintaining a manual spreadsheet?

Under Section 39 of Thailand's PDPA, data controllers are legally required to maintain an accurate and current Record of Processing Activities (ROPA). The conventional approach — maintaining a static Excel spreadsheet — is both labour-intensive and inherently prone to gaps, omissions, and version-control errors. Kooru Data Shield's automated ROPA module directly integrates with your actual operational workflows. When a new processing activity occurs, the system records it automatically, eliminating the administrative burden of manual updates. This significantly reduces the risk of incomplete records — a common source of regulatory exposure during an audit or inspection by the PDPC.

What does the ฿14,900 annual maintenance fee cover?

The ฿14,900 annual maintenance fee provides comprehensive ongoing coverage across four key areas: (1) AI-powered system updates — the platform is automatically updated to reflect new regulations, notifications, and enforcement guidelines issued by the Office of the Personal Data Protection Committee (PDPC / สคส.); (2) SaaS platform licensing — full access to all platform modules and features; (3) automated data backup — your compliance records and audit trails are continuously backed up to ensure data integrity and business continuity; and (4) dedicated support — access to the Kooru support team for operational queries, technical issues, and compliance guidance throughout the subscription period.

Can Kooru Data Shield genuinely help protect my business from PDPA fines of up to ฿5 million?

Under Thailand's PDPA, administrative fines of up to ฿5,000,000 may be imposed for serious violations, while criminal penalties can include imprisonment. However, regulatory authorities and courts consistently take into account the degree of intent and the steps taken by an organisation to achieve compliance when determining sanctions. A robust, documented compliance programme — including a verifiable Audit Trail — constitutes compelling evidence of good faith and reasonable effort. Kooru Data Shield automatically generates and preserves this Audit Trail across all processing activities, consent records, and DSAR responses. While no system can guarantee immunity from enforcement action, the presence of a structured, demonstrable compliance framework is widely recognised as a material factor in mitigating penalty exposure.

Can Kooru Data Shield integrate with our existing CRM or POS systems?

Yes. Kooru Data Shield supports integration with your existing business systems, including CRM platforms and point-of-sale (POS) solutions, via Next.js-based connectors. This integration enables consent collection and processing activity logging to operate seamlessly within your current workflows — eliminating data silos and ensuring that consent records captured across different touchpoints are consolidated within a single, auditable compliance system. The result is a unified data governance infrastructure that reflects your actual operational reality, rather than a parallel compliance layer that exists in isolation.

Why should I begin PDPA compliance today rather than waiting until an incident occurs?

Reactive PDPA compliance — implemented only after a data breach or regulatory complaint — is invariably more costly than proactive compliance. The financial exposure of a post-incident response encompasses regulatory fines of up to ฿5,000,000, legal and litigation costs, potential civil liability to affected data subjects, and — critically — reputational damage that may be irreversible. Commencing with the ฿5,900 Starter Package today represents the most cost-efficient means of assessing and managing your compliance risk. Every day without a functioning PDPA compliance framework is a period of unmitigated legal and financial exposure. The question is not whether compliance is necessary — under Thai law, it is mandatory for any organisation that collects, uses, or discloses personal data — but rather how much the absence of it will ultimately cost.

PDPA for SMEs Simple to Use. No IT Team Required.

A fully integrated Personal Data Management System
(PDPA-compliant), with automated ROPA + DPIA
Purpose-built for SMEs | Easy to implement.

🛡️ Personal Data Management System (PDPA) with DPIA

Concerned About PDPA Fines
of Up to THB 5 Million?

An automated PDPA system built for SMEs — starting from just ฿5,900. Simple to use. No IT expertise required.

🎯 Start Your Free Readiness Assessment 🎬 View System Demo

Challenges SMEs Are Facing

Are any of these situations familiar to you?

😕

Uncertain about what steps are required to achieve full PDPA compliance

😰

Worried about data breaches, legal liability, and reputational damage

💸

Traditional consultancy fees are prohibitive — often reaching six to seven figures

😵

Enterprise systems are overly complex and ill-suited to SME operations

🔕

Staff lack awareness, and there is no system for monitoring or escalation

📂

Documents scattered across multiple locations with no centralised repository

Our Solution

An all-in-one system purpose-built for SMEs — delivering a ready-to-use platform with ongoing support.

📋

Automated ROPA

Comprehensively records all personal data processing activities across every business function

🔍

DPIA Workflow

Step-by-step risk assessment — structured, transparent, and nothing overlooked

✅

Consent Management

Automated consent lifecycle management, complete with a DSAR Portal

📊

Compliance Dashboard

Real-time visibility into your PDPA compliance status and risk exposure

💰 Up to 10× more cost-effective than traditional consultancy 🔧 Fully configurable — no developer required

Package Comparison

Select the package that best suits the scale and needs of your business

Feature	Package 1 ฿5,900Assessment	Package 2 ฿41,300Complete	Package 3 Contact SalesHealthcare
Implementation Period	3 business days	14–21 business days	30–60 business days
SaaS Platform	✗	✓	✓
ROPA Database	3-process template	✓ Full coverage	✓ + Healthcare
DPIA Workflow	✗	✓	✓ Advanced
Consent Management	✗	✓	✓
DSAR Portal	✗	✓	✓ Multi-channel
Policy Documentation	3 sample templates	10+ full suite	15+ Healthcare-specific
Training	✗	✓ Video + slides	✓ + Workshop
Cybersecurity	✗	✗	✓ Netbright
Penetration Testing	✗	✗	✓ Annual
Best Suited For	Organisations assessing their current readiness	SMEs with 10–50 employees	Hospitals, clinics & pharmaceutical businesses

Package Details

📦

Assessment

For organisations beginning their PDPA compliance journey

~~฿9,900~~ ฿5,900 40% discount

⏱ Delivered within 3 business days

What You Will Receive

Gap Analysis Report (12–15 pages) with a readiness percentage score
PDPA Roadmap outlining prioritised actions and sequencing
ROPA Template covering 3 core business processes
30-minute consultation via Line

Get Started with This Package

⭐ Recommended for SMEs

🚀

Complete System

For SMEs with 20–50 employees seeking end-to-end PDPA compliance

~~฿59,900~~ ฿41,300 30% discount

⏱ Implementation period: 14–21 business days

Full PDPA System

ROPA Database covering all business processes
Automated Consent Management Workflow
DSAR Portal for handling data subject requests (30-day response cycle)
Vendor Assessment Module for third-party due diligence

Documentation & Training

Full policy suite: Privacy Policy, Security Policy, NDA & more (10+ documents)
E-learning video series (5 modules) + HR slide decks
Complimentary support for the first 6 months

Select This Package

🏥

Healthcare Excellence

Hospitals / Clinics / Pharmaceutical Businesses

Contact Sales

⏱ Implementation period: 30–60 business days

Everything in Complete, plus:

Cybersecurity Integration (Netbright)
NIS2 Directive Alignment
Medical Data Handling Protocols
Healthcare DPIA Templates (EMR, Telemedicine)
Incident Response & Data Breach Playbook
Annual Penetration Testing
On-site Workshop for clinical and medical teams
Compliance Report for submission to the Ministry of Public Health

Request a Quotation

Get Started Today

Speak with a specialist at no cost, or explore the platform before you commit. No obligation.

🎯 Book a Free 30-Minute Assessment 📥 Download Free PDPA Checklist 🎬 Watch the 5-Minute Demo

✦ Trusted by 15+ organisations

✦ International-grade technology

✦ Starting from ฿5,900

📧 sale@kooru.com 💬 Line: @106nlopr 📞 062-939-4144

All enquiries responded to within 24 hours (Mon–Fri, 10:00–16:00)

PDPA : Frequently Asked Questions

Q1 — How does Kooru Data Shield differ from engaging a traditional law firm for PDPA compliance?
Traditional law firms and general PDPA consultants typically conclude their engagement by delivering a set of paper documents — policy templates, gap reports, and written recommendations. Kooru Data Shield goes significantly further: it provides a purpose-built SaaS (Software-as-a-Service) platform that enables your organisation to manage its Record of Processing Activities (ROPA) and Data Subject Access Requests (DSARs) on an automated, ongoing basis. The system is designed for operational simplicity — no specialist IT knowledge is required — and is available at a fraction of the cost of retaining traditional legal counsel for equivalent compliance outcomes.
Q2 — What is included in the ฿5,900 Starter Package, and how quickly will I receive deliverables?
The ฿5,900 Starter Package comprises two core deliverables: (1) a Gap Analysis Report, which systematically identifies your organisation's current data protection risk exposures and areas of non-compliance with Thailand's Personal Data Protection Act B.E. 2562 (PDPA); and (2) a PDPA Roadmap, providing a structured, prioritised action plan tailored to your business context. Upon receipt of all required organisational information, the preliminary report is delivered within three (3) business days. This package is designed to give business owners and executives a clear, actionable picture of where they stand — and precisely what must be done to achieve and maintain compliance.
Q3 — Does Kooru Data Shield support sensitive personal data for clinics and healthcare operators?
Yes. Kooru Data Shield includes a dedicated Healthcare Package specifically engineered for operators who process special categories of personal data — including health records, medical histories, and clinical information — as defined under Section 26 of Thailand's PDPA. This package places particular emphasis on Data Protection Impact Assessments (DPIAs), a mandatory requirement under the PDPA where processing activities are likely to result in high risk to data subjects. System configurations are aligned with applicable health data security standards and are structured to support regulatory inspection and audit readiness, including review by the Office of the Personal Data Protection Committee (PDPC).
Q4 — Where is data stored within Kooru Data Shield, and what security standards apply?
All organisational data processed through Kooru Data Shield is stored on Supabase — an enterprise-grade, globally recognised database infrastructure that applies end-to-end encryption both at rest and in transit. Critically, the platform is configured such that your organisation retains 100% ownership of its data account. Kooru's role is limited to that of a system implementer and service provider; Kooru does not access, use, or commercialise your data in any form. This architecture is designed to satisfy the data controller obligations imposed on your organisation under Sections 37 and 40 of the PDPA.
Q5 — Can employees without any IT background use the Kooru Data Shield system effectively?
Absolutely. Kooru Data Shield has been designed from the ground up with non-technical end users in mind. The user interface mirrors the intuitive experience of a standard website — navigation is straightforward, and data entry is structured around simple, guided form inputs. No specialist IT knowledge or legal training is required for day-to-day operation. To further support your team, the platform provides a comprehensive Thai-language video tutorial library, accessible on-demand, allowing staff to revisit guidance at any time without dependency on external support.
Q6 — How does the automated ROPA system benefit business owners compared to maintaining a manual spreadsheet?
Under Section 39 of Thailand's PDPA, data controllers are legally required to maintain an accurate and current Record of Processing Activities (ROPA). The conventional approach — maintaining a static Excel spreadsheet — is both labour-intensive and inherently prone to gaps, omissions, and version-control errors. Kooru Data Shield's automated ROPA module directly integrates with your actual operational workflows. When a new processing activity occurs, the system records it automatically, eliminating the administrative burden of manual updates. This significantly reduces the risk of incomplete records — a common source of regulatory exposure during an audit or inspection by the PDPC.
Q7 — What does the ฿14,900 annual maintenance fee cover?
The ฿14,900 annual maintenance fee provides comprehensive ongoing coverage across four key areas: (1) AI-powered system updates — the platform is automatically updated to reflect new regulations, notifications, and enforcement guidelines issued by the Office of the Personal Data Protection Committee (PDPC / สคส.); (2) SaaS platform licensing — full access to all platform modules and features; (3) automated data backup — your compliance records and audit trails are continuously backed up to ensure data integrity and business continuity; and (4) dedicated support — access to the Kooru support team for operational queries, technical issues, and compliance guidance throughout the subscription period.
Q8 — Can Kooru Data Shield genuinely help protect my business from PDPA fines of up to ฿5 million?
Under Thailand's PDPA, administrative fines of up to ฿5,000,000 may be imposed for serious violations, while criminal penalties can include imprisonment. However, regulatory authorities and courts consistently take into account the degree of intent and the steps taken by an organisation to achieve compliance when determining sanctions. A robust, documented compliance programme — including a verifiable Audit Trail — constitutes compelling evidence of good faith and reasonable effort. Kooru Data Shield automatically generates and preserves this Audit Trail across all processing activities, consent records, and DSAR responses. While no system can guarantee immunity from enforcement action, the presence of a structured, demonstrable compliance framework is widely recognised as a material factor in mitigating penalty exposure.
Q9 — Can Kooru Data Shield integrate with our existing CRM or POS systems?
Yes. Kooru Data Shield supports integration with your existing business systems, including CRM platforms and point-of-sale (POS) solutions, via Next.js-based connectors. This integration enables consent collection and processing activity logging to operate seamlessly within your current workflows — eliminating data silos and ensuring that consent records captured across different touchpoints are consolidated within a single, auditable compliance system. The result is a unified data governance infrastructure that reflects your actual operational reality, rather than a parallel compliance layer that exists in isolation.
Q10 — Why should I begin PDPA compliance today rather than waiting until an incident occurs?
Reactive PDPA compliance — implemented only after a data breach or regulatory complaint — is invariably more costly than proactive compliance. The financial exposure of a post-incident response encompasses regulatory fines of up to ฿5,000,000, legal and litigation costs, potential civil liability to affected data subjects, and — critically — reputational damage that may be irreversible. Commencing with the ฿5,900 Starter Package today represents the most cost-efficient means of assessing and managing your compliance risk. Every day without a functioning PDPA compliance framework is a period of unmitigated legal and financial exposure. The question is not whether compliance is necessary — under Thai law, it is mandatory for any organisation that collects, uses, or discloses personal data — but rather how much the absence of it will ultimately cost.