Kritiyanee Buranatrevedhya

Kritiyanee focuses on data privacy and protection, data analytics, electronic transactions, cloud computing, blockchain, computer crime, and cybersecurity.

She is a Certified Information Privacy Professional/Europe (CIPP/E). She has counseled both international and local companies on the European Union’s General Data Protection Regulation (GDPR), in particular by advising on the differences between the GDPR and Thailand's Personal Data Protection Act (PDPA).

Her previous work included Data Protection and Cyber Security, Technology transactions and ITC regulatory advice, which spanned across various business sectors, including technology, financial services, automotive, insurance, airline, consumer goods & retail, food and beverage, hospitality, and healthcare.

• Advised local companies regarding their obligations under the General Data Protection Regulation (GDPR) as their business operations subjected them to liability and comparison with Thai PDPA.
• Conducted data mapping, identifying gaps from the data mapping results, analysing and providing recommendations on how to close the identified gaps, preparing required legal documents, and strategizing implementation plans.
• Advised various data protection advisory work including: (1) company and government surveillance & interception; (2) the exploitation of personal data in CRM project; (3) data breach requirements, revising breach notification reports, and how to handle breach reports for the public with care; (4) criminal background checks of employees; (5) internal investigation of employee misconduct; (6) email review and retention; (7) CCTV surveillance; (8) implementation of facial recognition software; (9) the use of sensitive data; (10) whistle-blower hotlines/channels; and (11) the use of personal data for AI training for both global and local clients in a variety of industries.
• Prepared and revised Privacy Policies, Consent Forms, Parental Consent Forms, Data Transfer Agreements, Data Processing Agreements, Intra-Group Transfer Agreements, Terms and Conditions, Mobile User Agreements, Data Governance Manuals, Data Breach Response Procedures, HR Data Protection Guidelines, IT Policy Handbooks, IT Monitoring Policies, CCTV notice and warning signs, Data Retention Policies, Direct Marketing Policies, Data Subject Rights Policies/Procedures, and Record of Processing Activities.
• Advised and revised agreements for blockchain-based platform operators handling Thailand's National Digital ID Project.
• Provided legal advice regarding security and data privacy for e-commerce businesses; business expansion for cloud service providers; mobile applications; websites; streaming services; social networking sites; digital content; and online contests,
• Involved in an IT outsourcing project to streamline support activities for the client's operating entity in Thailand through a service hub overseas, allowing the client’s local office to focus on developing its core business and increase sales.
• Guided a digital transaction platform and various other technology companies by providing advice regarding the validity and enforceability of e-signatures, e-transactions, the use of trusted Certificate Authorities and preferences on transforming their traditional operations/services to be electronic based.
• Advised clients with the inception of an e-map service using GPS as a mobile application.
• Provided legal advice in the areas of consumer protection, product liability, product recall, e-contest, internet sweepstakes, advertising, labelling, online activities targeting minors, intermediary liability of internet service providers, hosting immunity, safe harbour, spam mail, email marketing, sms and push notifications, and cold call marketing.

• Honorable Mentions and Ranked by The Legal 500 AP, 2019-2020 as a key lawyer in data privacy area.
• Named as a Rising Star by Managing IP in their Rising Stars Awards Asia-Pacific 2021

• Member, International Association of Privacy Professionals (IAPP)
• Member, Internet Society (ISOC)
• Tax Law Certificate, Central Tax Court, Bangkok, Thailand
• Certified Information Privacy Professional / Europe (CIPP/E)
• British Legal Technology Forum, London, United Kingdom, 2019
• The EU's General Data Protection Regulation and Privacy Management Program organized by IAPP at the Institute for European Studies (IES), Vrije Universiteit Brussel (VUB), Brussels, Belgium, 2018
• The EU's General Data Protection Regulation at the GDPR Summit London, London, 2018
• Cybersecurity conference (referred to as Cyber Week) at Tel Aviv University, Tel Aviv, Israel, 2017
• Singapore FinTech Festival in Singapore, 2016-2017
• Granted a full scholarship to attend Asia-Pacific Internet Governance Academy in University in Seoul, Korea. The Academy is hosted by the Korea Internet & Security Agency (KISA) and the Internet Corporation for Assigned Names and Numbers (ICANN), 2016
• JPAA IP Practitioners Seminar organized by the Japan Patent Attorneys Association, 2013