BodhiReach
Company Benefits Solutions Testimonials
Get Guidance
PDPA compliance solutions

// service_catalogue.v2

Three Ways We Support PDPA Compliance

From a foundational gap assessment to a fully outsourced DPO function — Bodhi Reach provides structured support at whatever stage your organisation requires it.

Back to Home

// methodology

Our Compliance Approach

Each engagement begins with a clear understanding of your organisation's data processing activities. We do not apply frameworks before understanding the context. Services can be taken individually or in sequence — most clients progress from an assessment through to documentation, with some continuing to ongoing DPO advisory.

1 Assess
2 Document
3 Monitor & Respond

SVC_001

PDPA Compliance Assessment

A comprehensive gap analysis against Thailand's PDPA requirements, covering lawful basis mapping, data inventory preparation, consent mechanism evaluation, data subject rights procedures, and cross-border transfer assessment. Covers both data controller and data processor obligations with attention to sector-specific interpretive guidance issued by the PDPA Committee.

Deliverables include:

  • Data flow mapping and inventory review
  • Lawful basis assessment for each processing activity
  • Consent mechanism and privacy notice review
  • Cross-border transfer assessment
  • Risk-prioritised compliance roadmap with timeline

Fixed fee

฿8,200

Typical timeline

2–4 weeks

Enquire
PDPA compliance assessment
Privacy documentation

SVC_002

Privacy Policy & Documentation Suite

Preparation of a complete PDPA documentation package tailored to your organisation's specific data processing activities. All documents are prepared in bilingual format. Includes ROPA template configuration and DPIA methodology guidance so your team has the frameworks needed for ongoing documentation obligations.

Package includes:

  • External privacy notices (Thai & English)
  • Internal data handling policies
  • Data processing agreements (DPA templates)
  • Consent forms and data subject request templates
  • Data breach notification procedures
  • ROPA configuration and DPIA methodology

Fixed fee

฿22,000

Typical timeline

3–6 weeks

Enquire

SVC_003

Data Protection Officer Advisory & Incident Response

Outsourced DPO advisory services for organisations that need ongoing compliance support without the overhead of an in-house DPO appointment. Covers real-time advisory during data incidents including breach severity assessment, notification timeline compliance, and regulatory communication drafting. Quarterly compliance status reports provided to management.

Service includes:

  • Ongoing compliance monitoring and advisory
  • Staff awareness programme development
  • Regulatory inquiry response support
  • Data breach incident management and notification
  • Quarterly compliance status reports with trend analysis

Annual retainer

฿35,500

Engagement type

Ongoing retainer

Enquire
DPO advisory and incident response

// feature_matrix

Choose the Right Service

Review what each service delivers to find the appropriate fit for your organisation's current compliance needs.

Feature Assessment
฿8,200		 Documentation Suite
฿22,000		 DPO Advisory
฿35,500
PDPA gap analysis
Compliance roadmap
Privacy notices (bilingual)
ROPA configuration
Ongoing advisory access
Incident response support
Quarterly trend reports

Best for:

Assessment

Organisations new to PDPA compliance, or those seeking an independent view of their current compliance standing before committing to further investment.

Best for:

Documentation Suite

Organisations that have identified documentation gaps or require a complete set of PDPA-compliant documents tailored to their actual data processing activities.

Best for:

DPO Advisory

Organisations requiring ongoing compliance support, incident response capability, and a structured record of data protection activities for management and regulatory purposes.

// delivery_standards

Standards Applied Across All Services

Client Data Protection

All client information shared during engagements is handled under strict confidentiality provisions and retained only for the period necessary for service delivery.

Secondary Review Process

Every deliverable is reviewed by a second advisor before issue, verifying legal accuracy and alignment with current PDPA requirements.

Direct Advisor Contact

Clients have direct access to the advisor responsible for their engagement — not a general support queue — throughout the duration of the work.

Regulatory Currency

Deliverables reflect current PDPA enforcement positions. Material regulatory changes affecting active engagements are communicated to clients.

Not Sure Where to Start?

Contact us to describe your organisation's situation. We will outline which service is the most practical starting point and answer any questions about what to expect from each engagement.

Start a Conversation