-
Internal audit
In today's increasingly competitive and regulated market place, organisations - both public and private - must demonstrate that they have adequate controls and safeguards in place. The availability of qualified internal audit resources is a common challenge for many organisations.
-
IFRS
At Grant Thornton, our International Financial Reporting Standards (IFRS) advisers can help you navigate the complexity of financial reporting so you can focus your time and effort on running your business.
-
Audit quality monitoring
Having a robust process of quality control is one of the most effective ways to guarantee we deliver high-quality services to our clients.
-
Global audit technology
We apply our global audit methodology through an integrated set of software tools known as the Voyager suite.
-
Looking for permanent staff
Grant Thornton's executive recruitment is the real executive search and headhunting firms in Thailand.
-
Looking for interim executives
Interim executives are fixed-term-contract employees. Grant Thornton's specialist Executive Recruitment team can help you meet your interim executive needs
-
Looking for permanent or interim job
You may be in another job already but are willing to consider a career move should the right position at the right company become available. Or you may not be working at the moment and would like to hear from us when a relevant job comes up.
-
Practice areas
We provide retained recruitment services to multinational, Thai and Japanese organisations that are looking to fill management positions and senior level roles in Thailand.
-
Submit your resume
Executive recruitment portal
-
Update your resume
Executive recruitment portal
-
Available positions
Available positions for executive recruitment portal
-
General intelligence assessments
The Applied Reasoning Test (ART) is a general intelligence assessment that enables you to assess the level of verbal, numerical reasoning and problem solving capabilities of job candidates in a reliable and job-related manner.
-
Candidate background checks
We provide background checks and employee screening services to help our clients keep their organisation safe and profitable by protecting against the numerous pitfalls caused by unqualified, unethical, dangerous or criminal employees.

-
Capital markets
If you’re buying or selling financial securities, you want corporate finance specialists experienced in international capital markets on your side.
-
Corporate simplification
Corporate simplification
-
Expert witness
Expert witness
-
Family office services
Family office services
-
Financial models
Financial models
-
Forensic Advisory
Investigations
-
Independent business review
Does your company need a health check? Grant Thornton’s expert team can help you get to the heart of your issues to drive sustainable growth.
-
Mergers & acquisitions
Mergers & acquisitions
-
Operational advisory
Grant Thornton’s operational advisory specialists can help you realise your full potential for growth.
-
Raising finance
Raising finance
-
Restructuring & turnaround
Grant Thornton can help with financial restructuring and turnaround projects, including managing stakeholders and developing platforms for growth.
-
Risk management
Risk management
-
Transaction advisory
Transaction advisory
-
Valuations
Valuations
-
Management consulting
Every business faces unique and complex challenges. Challenges are specific and solutions do not translate perfectly from one business to another, which is why you told us you want a fully customised approach to professional services.
-
Strategic insourcing
From time to time, companies find themselves looking for temporary accounting resources. Often this is because of staff leaving, pressures at month-end and quarter-end, or specific short-term projects the company is undertaking.
-
International tax
With experts working in more than 130 countries, Grant Thornton can help you navigate complex tax laws across multiple jurisdictions.
-
Licensing and incentives application services
Licensing and incentives application services
-
Transfer pricing
If your company operates in more than one country, transfer pricing affects you. Grant Thornton’s experts can help you manage this complex and critical area.
-
Global mobility services
Employing foreign people in Australia, or sending Australian people offshore, both add complexity to your tax obligations and benefits – and we can guide you through them.
-
Tax compliance and tax due diligence review services
Tax compliance
-
Value-Added Tax
Value-Added Tax
-
Customs and Trade
Customs and Trade
-
Service Line
グラントソントン・タイランド サービスライン
-
Strategic outsourcing
At Grant Thornton we have experience and skilled teams that can help you with every aspect of Outsourcing from large Shared Service Centres through to small payroll requirements. We can even help you staff-up with temporary resources during busy periods.
-
BUSINESS PROCESS SOLUTION Practical Preparation for PDPA ComplianceOrganisations must effectively assess their personal information collection and use practices to comply with Thailand’s Personal Data Protection Act.
-
TAX AND LEGAL Complying with the PDPA – A Balancing ActOrganisations must be aware of the circumstances in which they are allowed to collect data to comply with Thailand’s Personal Data Protection Act.
-
CONVERSATIONS IN BUSINESS Turning Challenges into Opportunities: How Businesses in Thailand Can Succeed in 2020Despite the challenges facing the Thai economy, businesses in Thailand can succeed in 2020 by reducing overheads, conserving cash, improving efficiency of internal structures, and focusing on customer service.
-
BUSINESS PROCESS SOLUTION Mystery shopping: A pathway to quality, consistency, and adaptationMystery shopping allows companies to identify and correct friction points by gathering data on the standard of service and customer experiences in each branch.
Thailand’s Personal Data Protection Act (PDPA) will enter into effect on May 27th of this year. While official guidelines for complying with the PDPA are still scant, many businesses have recognized the need to review their data collection policies and business processes in preparation for the May 2020 deadline.
In a prior article, we discussed the background and conceptual framework of the PDPA. In this piece, we will take a deep dive and explore implementation issues surrounding data protection and privacy laws by drawing on actual EU case studies involving the GDPR. Given that the PDPA is heavily influenced by the GDPR and has adopted many similar standards, the EU experiences should provide useful lessons for Thai organisations and businesses. In particular, we will look at the rationale for organisations to collect and use personal data on grounds of legitimate interest.
Legitimate interest
While personal data protection laws generally require the individual’s consent for the collection and processing of data, the GDPR and PDPA provide for exemptions where data is collected on grounds of legitimate interest.
Legitimate interest is not defined at law; it is generally deemed to be a circumstance where there is a compelling justification for the collection and use of personal data and where the impact on the individual’s privacy rights is minimal.[1] While this lends flexibility to the law, it also creates vast uncertainty for businesses seeking to maintain compliance. For instance, the GDPR provides examples of fraud prevention and security as potential grounds for legitimate interest.
The UK’s Information Commissioner’s Office (ICO) explains that using the legitimate interest basis for collecting and processing personal data requires a three-pronged test. Firstly, there must be a compelling purpose to use the data. Secondly, the use of data must be necessary. And thirdly, there must be a balancing of the individual’s interests against the legitimate interest. The PDPA also adopts this balancing act – the necessity for the collection and use of personal data must be weighed against the fundamental rights of the individual whose personal data is being used.[2]
The CCTV cases
To consider how legitimate interest plays out in the real world, we look to two cases involving the use of CCTV footage by an employer for disciplinary action that were adjudicated before the Irish Data Protection Commission in 2017.[3]
In the first case, a company offering security services had assigned an employee to serve as a night security officer at a client’s site. The security company had reason to suspect that the employee had been routinely absent from the assigned post and requested the client’s CCTV footage to verify the employee’s location while on duty. The investigation confirmed the employee’s absence and disciplinary actions were imposed. The Data Protection Commission found that the use of the employee’s personal data (i.e. CCTV images) represented a legitimate interest that outweighed the employee’s data privacy rights.
In the second case, there were similar fact patterns, though this time relating to an employee of a toll collection company. Here the employer used CCTV and audio records to confirm that its service engineer employee had threatened the security of client’s toll system. The employee was disciplined and prohibited from servicing the client in the future. Some time later, the employer requested and received the CCTV footage and audio recording of the incident from the client, presumably to keep as record. Here, the Data Protection Commission ruled that toll company did not demonstrate sufficient legitimate interest in disclosing the service engineer’s personal data and was thus in violation of the GDPR.
Making sense
The above cases demonstrate that legitimate interest can be narrowly defined, is time sensitive, and requires a balancing act on a case-by-case basis. The fact that an employer may have legitimate interest to collect or use an employee’s personal data to ensure that the employee had properly performed his or her responsibilities does not imply a blanket exemption.
The collection and use of personal data on grounds of legitimate interest is specific and purpose driven – data must be used for an intended purpose and only during the window of time where such purpose or need exists.
[1] See, https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/.
[2] Refer to Section 24(6) of the PDPA.
Related Content
The Thailand Personal Data Protection Act – and What It Means for Business
On 28 February, the National Legislative Assembly approved the Personal Data Protection Act (“PDPA”). The Act is aimed at regulating the lawful collection, use, or disclosure of personal data that can directly or indirectly identify a natural person – but does not apply to the data of a deceased person. This Act also provides a framework how to process the personal data. The PDPA, which in many ways resembles a similar initiative in Europe (the General Data Protection Regulation, known as GDPR), requires a data controller (a natural person or a legal person), who has the authority to decide to collect, use, or disclose the personal data, to follow guidelines in an effort to protect each data owner.
Read more