Support Centre
Thai PDPA
Back

Thai PDPA

Comply with the PDPA

The Personal Data Protection Act 2019 ('PDPA') is the first consolidated legislation providing general data protection within Thailand and was originally expected to come into full effect on 27 May 2020. This date, however, was postponed until 27 May 2021 due to the COVID-19 ('Coronavirus) pandemic. The PDPA is based on the GDPR and contains many similar provisions, although they differ in areas such as anonymisation. While the PDPC is provided for by the PDPA, which further requires the PDPC to draft and issue sub-regulations on data protection by 27 May 2021, the PDPC has yet to be established.

OneTrust DataGuidance's PDPA Portal provides you with the ability to track developments regarding PDPA and understand its obligations.

PDPA v. GDPR

OneTrust DataGuidance, in collaboration with Blumenthal Richter & Sumet, have produced a PDPA v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the PDPA comparative to the GDPR. You can also leverage this information through our PDPA v. GDPR Comparison in the tab above.

Thailand Privacy Landscape Overview


Watch our Thailand Overview video to understand the state of privacy in Thailand today.

See all Thailand News
08 October 2021

Thailand: ETDA revises recommendations for standard on digital identity verification

The Electronic Transaction Development Agency ('ETDA') announced, on 30 September 2021, revisions to its original standard on digital identity verification in order to be consistent with the usage context.

Standards and Frameworks, Cybersecurity,
03 September 2021

Thailand: BoT issues preparation for compliance letter on PDPA

The Bank of Thailand ('BoT') issued, on 31 August 2021, a preparation for compliance with the Personal Data Protection Act 2019 ('PDPA') within an official letter to banks and financial institutions.

Legal Reform, Financial Services,
31 August 2021

Thailand: Bangkok Airways issues statement on cybersecurity attack

Bangkok Airways Public Company Limited issued a statement, on 26 August 2021, notifying on its website of a cybersecurity attack which resulted in unauthorised and unlawful access to its information system.

Cybersecurity, Incident Response, Incident and Breach,
19 August 2021

Thailand: MDES announces launch of the NCSA

The Ministry of Digital Economy and Society ('MDES') announced, on 18 August 2021, the launch of the National Cyber Security Agency ('NCSA') under the Office of the National Cyber ​​Security Commission.

Cyber Risks and Threats, Cybersecurity,
30 July 2021

Thailand: BOT publishes guidelines on blockchain technologies for financial services

The Bank of Thailand ('BOT') published, on 27 July 2021, its guidelines on blockchain technologies for financial services.

Privacy Impact Assessments, Anti-money Laundering & Countering the Financing of Terrorism, Blockchain,
28 July 2021

Thailand: TBA publishes data protection guidelines for banking services

The Thai Bankers' Association ('the TBA') published, on 29 April 2021, its Guidelines on Personal Data Protection for Thai Banks, highlighting what banks should be aware of when considering privacy and data protection issues, and what steps are needed to comply with the upcoming legislation.

Privacy Impact Assessments, Fair and Lawful Processing, Purpose Specification, Financial Services,
28 June 2021

International: Japan and Thailand sign MoC on smart security

The Ministry of Economy, Trade, and Industry in Japan announced, on 28 June 2021, that it along with the Ministry of Industry of Thailand had signed a memorandum of cooperation ('MoC') to strengthen the smart system of industrial security in Thailand.

Artificial Intelligence, Internet of Things,
18 May 2021

International: AXA IPA confirms ransomware attack impacting operations in Malaysia, Thailand, Hong Kong and Philippines

The Inter Partner Assistance ('IPA'), international partners of AXA UK Plc, confirmed, on 17 May 2021, that their information technology networks and operations in Malaysia, Thailand, Hong Kong, and Philippines were impacted by a ransomware attack.

Breach Notification - To Authorities, Incident and Breach,
10 May 2021

Thailand: Postponement of the PDPA receives royal assent and published within the Royal Gazette

The Royal Gazette of Thailand published, on 8 May 2021, the Decree postponing the enforcement date of the Personal Data Protection Act 2019 ('PDPA').

Legal Reform,
05 May 2021

Thailand: Cabinet approves draft decree postponing enforcement of PDPA for another year

The Ministry of Digital Economy and Society ('MDES') announced, on 5 May 2021, that the Cabinet of Thailand had approved a draft decree which would further postpone the enforcement of the Personal Data Protection Act 2019 ('PDPA') until 1 June 2022.

Legal Reform,
29 April 2021

Thailand: PDPA second postponement under consideration

OneTrust DataGuidance confirmed, on 29 April 2021, with Dhiraphol Suwanprateep, Partner at Baker McKenzie Ltd, that Thai officials have been considering a second postpoment to the Personal Data Protection Act B.E. 2562 (2019) ('PDPA').

Legal Reform, Supervisory Authority,
19 March 2021

Thailand: MDES aims to publish new guidance before PDPA enforcement

The Ministry of Digital Economy and Society ('MDES') announced, on 18 March 2021, its aim to accelerate three tasks prior to the enforcement date of the Personal Data Protection Act 2019 ('PDPA').

Enforcement - Other, Legal Reform, Facilitation of Data Subject Rights, Right To Be Informed,
02 March 2021

International: UAE Central Bank and HKMA sign MoU on FinTech

The Central Bank of the UAE and the Hong Kong Monetary Authority ('HKMA') announced, on 23 February 2021, that they had signed a memorandum of understanding ('MoU') to enhance collaboration on FinTech, with a view to strengthening cooperation in promoting innovative financial services and regulatory development.

Financial Services, Information Technology,
25 February 2021

International: Japan and Thailand sign MoU on smart security

The Ministry of Economy, Trade and Industry ('METI') announced, on 25 February 2021, that it had signed with the Ministry of Economy, Trade and Industry and the Ministry of Industry of Thailand a memorandum of understanding for the Establishment of the Japan-Thailand Smart Security Consortium.

Cybersecurity, Information Technology,
04 February 2021

Thailand: PDPC to hold hearings for subordinate regulations under PDPA

OneTrust DataGuidance confirmed with Nop Chitranukroh and Thammapas Chanpanich, Partner and Attorney at Tilleke & Gibbins, that the Ministry of Digital Economy and Society ('MDES') announced, on 1 February, that the Office of Personal Data Protection Commission will arrange public hearing sessions for the first set of subordinate regulations

Legal Reform, Supervisory Authority,
18 January 2021

Thailand: MDES issues statement on personal information protection of Mor Chana contact tracing app

The Ministry of Digital Economy and Society ('MDES') issued, on 18 January 2021, its statement the progress of the Mor Chana contact tracing app and the protection of personal information when using the app.

Apps, Personal Data, Data Subject, Privacy Notices, Supervisory Authority,
See all Thailand Insights
Aug 2021

Thailand: Data protection guidelines for Thai banks

Recently, the Thai Bankers' Association has implemented its Guidelines on Personal Data Protection for Thai Banks ('the Guidelines') to support the operations of the banking sector in accordance with the Personal Data Protection Act 2019 ('PDPA').

Privacy Impact Assessments, Consent, Data Controller, Data Processor, Financial Data, Financial Services,
Jun 2020

International: Update on status of privacy related legislation from APAC region

As the global focus on data protection continues to increase, so too do the number of countries introducing comprehensive data protection laws or updating existing legislation to bring it in line with European data protection laws and ensure personal data is protected in the digital era.

Legal Basis, Enforcement - Penalties, Legal Reform, Personal Data, Incident and Breach, Mechanisms - Adequate Protection,
Jun 2020

Key Takeaways: Thailand's PDPA postponement

On May 19, 2020, a Royal Decree was published in the Official Gazette postponing the effective date of the Personal Data Protection Act (‘PDPA’) for one year until 1 June 2021. In this webinar, our expert speakers discuss the key requirements of the PDPA

Accountability, Enforcement - Other, Legal Reform, Supervisory Authority,

PDPA v GDPR

GDPR Benchmark

Request a jurisdiction

This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:

  1. Scope
  2. Definitions and legal basis
  3. Rights
  4. Enforcement

Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.

Scope Benchmark

Request a jurisdiction
    title
  • Personal scope
  • Territorial scope
  • Material scope
  • Argentina

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Definitions and Legal Basis Benchmark

Request a jurisdiction
    title
  • Personal data
  • Pseudonymisation
  • Controller and processor
  • Children
  • Research
  • Legal Basis
  • Argentina

    • Fairly consistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly inconsistent

    • Fairly inconsistent

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Rights Benchmark

Request a jurisdiction
    title
  • Right to deletion
  • Right to be informed
  • Right to object
  • Right to access
  • Right not to be subject to discrimination
  • Right to data portability
  • Argentina

    • Inconsistent

    • Fairly consistent

    • Fairly inconsistent

    • Fairly consistent

    • Fairly consistent

    • Inconsistent

  • Australia

    • Inconsistent

    • Fairly consistent

    • Inconsistent

    • Fairly consistent

    • Consistent

    • Inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Enforcement Benchmark

Request a jurisdiction
    title
  • Monetary penalties
  • Supervisory authority
  • Civil remedies
  • Argentina

    • Fairly consistent

    • Fairly consistent

    • Fairly consistent

  • Australia

    • Fairly consistent

    • Fairly consistent

    • Fairly inconsistent

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Company

Our Policies

Your Rights

© OneTrust, LLC. All Rights Reserved.
The materials herein are for informational purposes only and do not constitute legal advice.