Upgrade to a premium account to save this to your customizable Workspace
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Thai PDPA
Comply with the PDPA
The Personal Data Protection Act 2019 ('PDPA') is the first consolidated legislation providing general data protection within Thailand and was originally expected to come into full effect on 27 May 2020. This date, however, was postponed until 27 May 2021 due to the COVID-19 ('Coronavirus) pandemic. The PDPA is based on the GDPR and contains many similar provisions, although they differ in areas such as anonymisation. While the PDPC is provided for by the PDPA, which further requires the PDPC to draft and issue sub-regulations on data protection by 27 May 2021, the PDPC has yet to be established.
OneTrust DataGuidance's PDPA Portal provides you with the ability to track developments regarding PDPA and understand its obligations.
PDPA v. GDPR
OneTrust DataGuidance, in collaboration with Blumenthal Richter & Sumet, have produced a PDPA v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the PDPA comparative to the GDPR. You can also leverage this information through our PDPA v. GDPR Comparison in the tab above.
Thailand Privacy Landscape Overview
Watch our Thailand Overview video to understand the state of privacy in Thailand today.
The Royal Decree on Digital Platform Service Businesses that Require Notification, B.E. 2565 ('the Royal Decree') was published, on 23 December 2022, in the Government Gazette.
The Personal Data Protection Commission ('PDPC') announced, on 15 December 2022, the publication, in the Government Gazette, of its Notification on the Criteria and Procedures for Handling Personal Data Breaches, which entered into force on the same date.
The Personal Data Protection Committee ('PDPC') adopted, on 7 September 2022, two sets of guidelines under the Personal Data Protection Act 2019 ('PDPA'), namely the Guideline on requesting consent from the data subjects ('the Consent Guidelines') and the Guideline on procedures for notifying the purpose and details relating to the collection of
The Personal Data Protection Committee ('PDPC') opened, on 29 September 2022, for public hearing, its draft Notification of the Personal Data Protection Committee on Rules and Principles of Appropriate Personal Data Protection for International Transfer.
The Ministry of Internal Affairs and Communications of Japan ('MIC') announced, on 8 August 2022, that it and the Ministry of Digital Economy and Society of Thailand had signed a Memorandum of Cooperation ('MoC') in the field of information and communication digital technology.
The Ministry of Digital Economy and Society ('MDES') announced, on 4 July 2022, that it had renewed its Memorandum of Understanding ('MoU') with Finland on Telecommunication and ICT Cooperation and Digital Technology.
The Cyberspace Administration of China announced, on 5 July 2022, that it and the National Cybersecurity Office of Thailand had signed a Memorandum of Understanding ('MoU') on cybersecurity cooperation.
The Royal Gazette of Thailand published, on 20 June 2022, four laws that accompany the Personal Data Protection Act 2019 ('PDPA'). In particular, the four laws constitute the supplementary laws anticipated by the Ministry of Digital Econom
The Ministry of Digital Economy and Society ('MDES') announced, on 15 June 2022, that it had entered into a Memorandum of Understanding ('MoU') on digital economy and technology with the UK's Department for Digital, Culture, Media and Sport ('DCMS').
The Ministry of Digital Economy and Society ('MDES') published, on 15 June 2022, a statement on the exemption of small and medium-sized enterprises ('SMEs') and community enterprises from the the Personal Data Protection Act 2019 ('PDPA'), and the expected enforcement of the supplementary legislation to the PDPA.
The Ministry of Digital Economy and Society ('MDES') published, on 7 June 2022, a statement on the exemption of mass media businesses from compliance with the Personal Data Protection Act 2019 ('PDPA').
The Personal Data Protection Act 2019 ('PDPA') entered into effect, on 1 June 2022, following two postponements, becoming Thailand's first consolidated data protection law.
The Ministry of Digital Economy and Society ('MDES') published, on 23 May 2022, draft notifications and guidelines under the Personal Data Protection Act 2019 ('PDPA'). In particular, the MDES had introduced eight draft notifications and guidelines under the PDPA to supplement the data protection requirements in Thailand, including:
The Prime Minister of Thailand and the Ministry of Digital Economy and Society ('MDES') announced, on 23 May 2022, that the enforcement day of the Personal Data Protection Act 2019 ('PDPA') is on the 1 June 2022.
The Bank of Thailand ('BOT') announced, on 11 February 2022, that PayPal (Thailand) Limited ('PayPal Thailand') announced that it will temporarily suspend its services to individual customers during the transition of its services on 7 March 2022.
The Ministry of Digital Economy and Society ('MDES') announced, on 12 February 2022, that it had convened, on 10 February 2022, and held the first meeting of the Personal Data Protection Committee ('PDPC').
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
Countries across the APAC region have been introducing comprehensive data protection laws and/or updating existing legislation to ensure personal data is protected in the digital era.
Recently, the Thai Bankers' Association has implemented its Guidelines on Personal Data Protection for Thai Banks ('the Guidelines') to support the operations of the banking sector in accordance with the Personal Data Protection Act 2019 ('PDPA').
PDPA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
