Upgrade to a premium account to save this to your customizable Workspace
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Thai PDPA
Comply with the PDPA
The Personal Data Protection Act 2019 ('PDPA') is the first consolidated legislation providing general data protection within Thailand and was originally expected to come into full effect on 27 May 2020. This date, however, was postponed until 27 May 2021 due to the COVID-19 ('Coronavirus) pandemic. The PDPA is based on the GDPR and contains many similar provisions, although they differ in areas such as anonymisation. While the PDPC is provided for by the PDPA, which further requires the PDPC to draft and issue sub-regulations on data protection by 27 May 2021, the PDPC has yet to be established.
OneTrust DataGuidance's PDPA Portal provides you with the ability to track developments regarding PDPA and understand its obligations.
PDPA v. GDPR
OneTrust DataGuidance, in collaboration with Blumenthal Richter & Sumet, have produced a PDPA v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the PDPA comparative to the GDPR. You can also leverage this information through our PDPA v. GDPR Comparison in the tab above.
Thailand Privacy Landscape Overview
Watch our Thailand Overview video to understand the state of privacy in Thailand today.
The Electronic Transactions Development Agency (ETDA) issued, on August 28, 2023, a press release detailing recent efforts to push the adoption of the AI Governance Guidelines for Executives, developed by the ETDA's Artificial Intelligence Governance Clinic (AIGC). Specifically, the Guidelines are divided into three sections, covering artificial
On August 25, 2023, the Electronic Transaction Development Agency (ETDA) announced that it had released for public consultation draft amendments to five standard recommendations on the use of biometric technology for electronic transactions, as well as draft recommendations for testing standards for detecting biometric spoofing attacks.
On March 22, 2022, the National Science and Technology Development Agency (NSTDA) announced the approval of ethical guidelines for artificial intelligence (AI). The purpose of these guidelines is to ensure that AI technologies and data science, including AI-driven algorithms, are developed and used in an ethical manner.
On August 17, 2023, the Ministry of Digital Economy and Society published a Royal Decree determining organizations that are exempt from data controller's obligations under the Personal Data Protection Act 2019 (PDPA).
On June 21, 2023, the Ministry of Digital Economy and Society (MDES) issued a press release on the legislative initiatives under the Royal Decree on Digital Platform Service Businesses that Require Notification, B.E.
The Personal Data Protection Committee (PDPC) launched, on July 12, 2023, a public consultation on a draft decree on the appointment of data protection officers (DPOs) by data controllers and processors under the Personal Data Protection Act 2019 (PDPA). If approved, the draft decree provides for its entry into force 90 days from the date of its
The Personal Data Protection Committee ('PDPC') published, on 10 February 2023, a case study in relation to the Personal Data Protection Act 2019 ('PDPA') enforcement.
The Securities and Exchange Commission of Thailand ('SEC') announced, on 17 January 2023, the issuance of regulations requiring digital asset business operators that provide custody of clients' digital assets to establish a digital wallet management system to accommodate efficient custody of digital assets and cryptographic keys and ensure the s
The Royal Decree on Digital Platform Service Businesses that Require Notification, B.E. 2565 ('the Royal Decree') was published, on 23 December 2022, in the Government Gazette.
The Personal Data Protection Commission ('PDPC') announced, on 15 December 2022, the publication, in the Government Gazette, of its Notification on the Criteria and Procedures for Handling Personal Data Breaches, which entered into force on the same date.
The Personal Data Protection Committee ('PDPC') adopted, on 7 September 2022, two sets of guidelines under the Personal Data Protection Act 2019 ('PDPA'), namely the Guideline on requesting consent from the data subjects ('the Consent Guidelines') and the Guideline on procedures for notifying the purpose and details relating to the collection of
The Personal Data Protection Committee ('PDPC') opened, on 29 September 2022, for public hearing, its draft Notification of the Personal Data Protection Committee on Rules and Principles of Appropriate Personal Data Protection for International Transfer.
The Ministry of Internal Affairs and Communications of Japan ('MIC') announced, on 8 August 2022, that it and the Ministry of Digital Economy and Society of Thailand had signed a Memorandum of Cooperation ('MoC') in the field of information and communication digital technology.
The Ministry of Digital Economy and Society ('MDES') announced, on 4 July 2022, that it had renewed its Memorandum of Understanding ('MoU') with Finland on Telecommunication and ICT Cooperation and Digital Technology.
The Cyberspace Administration of China announced, on 5 July 2022, that it and the National Cybersecurity Office of Thailand had signed a Memorandum of Understanding ('MoU') on cybersecurity cooperation.
In line with the intent of the law under the Electronic Transactions Act B.E. 2544 (2001) (ETA) to maintain financial and commercial security and strengthen the reliability and credibility of data message systems, the Royal Decree on Regulating the Digital Platforms which are Subject to Prior Notification B.E.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') came into full force and effect on 1 June 2022. It governs the processing (i.e. the collection, use, and disclosure) of personal data of data subjects residing in Thailand carried out by businesses, defined as persons or legal entities who are data controllers or data processors.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
The Personal Data Protection Act 2019 ('PDPA') is Thailand's first comprehensive data protection legislation, which was originally set to enter into effect on 27 May 2020. However, following two rounds of postponement due to the COVID-19 pandemic, the PDPA has entered into effect on 1 June 2022.
Countries across the APAC region have been introducing comprehensive data protection laws and/or updating existing legislation to ensure personal data is protected in the digital era.
PDPA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
- title
- Personal scope
- Territorial scope
- Material scope
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Enforcement Benchmark
- title
- Monetary penalties
- Supervisory authority
- Civil remedies
Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
