Upgrade to a premium account to save this to your customizable Workspace
Thai PDPA
Comply with the PDPA
The Personal Data Protection Act 2019 ('PDPA') is the first consolidated legislation providing general data protection within Thailand and was originally expected to come into full effect on 27 May 2020. This date, however, was postponed until 27 May 2021 due to the COVID-19 ('Coronavirus) pandemic. The PDPA is based on the GDPR and contains many similar provisions, although they differ in areas such as anonymisation. While the PDPC is provided for by the PDPA, which further requires the PDPC to draft and issue sub-regulations on data protection by 27 May 2021, the PDPC has yet to be established.
OneTrust DataGuidance's PDPA Portal provides you with the ability to track developments regarding PDPA and understand its obligations.
PDPA v. GDPR
OneTrust DataGuidance, in collaboration with Blumenthal Richter & Sumet, have produced a PDPA v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the PDPA comparative to the GDPR. You can also leverage this information through our PDPA v. GDPR Comparison in the tab above.
Thailand Privacy Landscape Overview
Watch our Thailand Overview video to understand the state of privacy in Thailand today.
The Ministry of Digital Economy and Society ('MDES') announced, on 18 March 2021, its aim to accelerate three tasks prior to the enforcement date of the Personal Data Protection Act 2019 ('PDPA').
The Central Bank of the UAE and the Hong Kong Monetary Authority ('HKMA') announced, on 23 February 2021, that they had signed a memorandum of understanding ('MoU') to enhance collaboration on FinTech, with a view to strengthening cooperation in promoting innovative financial services and regulatory development.
The Ministry of Economy, Trade and Industry ('METI') announced, on 25 February 2021, that it had signed with the Ministry of Economy, Trade and Industry and the Ministry of Industry of Thailand a memorandum of understanding for the Establishment of the Japan-Thailand Smart Security Consortium.
OneTrust DataGuidance confirmed with Nop Chitranukroh and Thammapas Chanpanich, Partner and Attorney at Tilleke & Gibbins, that the Ministry of Digital Economy and Society ('MDES') announced, on 1 February, that the Office of Personal Data Protection Commission will arrange public hearing sessions for the first set of subordinate regulations
The Ministry of Digital Economy and Society ('MDES') issued, on 18 January 2021, its statement the progress of the Mor Chana contact tracing app and the protection of personal information when using the app.
The Bank of Thailand ('BOT') announced, on 9 November 2020, the expansion of its cross-agency digital verification testing under its regulatory sandbox to select commercial banks.
The Bank of Thailand ('BOT') issued, on 24 July 2020, its guidelines ('the Guidelines') on the use of biometric technologies in the financial sector to provide service providers with clearer guidance to comply with international laws and standards on such technologies.
The Bank of Thailand ('BOT') launched, on 5 June 2020, testing for a regulatory sandbox for peer-to-peer ('P2P') lending platforms. In particular, the BOT noted that the regulatory sandbox will ensure the oversight of risks in privacy, cybersecurity, licensing, and financial regulation.
The Ministry for Digital Economy and Society ('MDES') announced, on 28 May 2020, the launch of the Thai Win app for the purposes of tracking and investigating COVID-19 ('Coronavirus') disease control within Thailand.
OneTrust DataGuidance confirmed, on 20 May 2020, with Dhiraphol Suwanprateep and Thananya Chaikamosuk, Partner and Associate respectively, at Baker McKenzie, that the Government of Thailand has approved the draft Royal Decree to post
OneTrust DataGuidance confirmed, on 13 May 2020, with Dhiraphol Suwanprateep and Thananya Chaikamosuk, Partner and Associate respectively, at Baker McKenzie, that, on 12 May 2020, 'the Cabinet [of Thailand] has acknowledged the necessity to pass [a] Draft Royal Decree to postpone the effective date of the Personal Data Protection Act B.E.
The Emergency Royal Decree on Electronic Media Conference B.E. 2556 ('the Decree') was published, on 18 April 2020, in the Royal Gazette of the Kingdom of Thailand.
The Department of Special Investigations ('DSI') of Thailand and the United States Secret Service ('USSS') signed, on 5 March 2020, a Memorandum of Understanding ('MoU') on transnational crime control.
The Department of Special Investigations ('DSI') and the Minister of Justice ('MoJ') published, on 4 February 2020, recommendations on prevention of cybercrime and leaking of CCTV footage.
The Ministry of Digital Economy and Society ('MDES') announced, on 13 January 2020, its intention to establish the National Cybersecurity Office ('the Office'). In particular, the MDES noted that the Office is to be established under the policy directions of the Cybersecurity Act, B.E. 2562 (2019) ('the Act').
The Association of Southeast Asian Nations ('ASEAN') released, on 26 November 2019, the ASEAN Integration Report 2019 ('the Report').
As the global focus on data protection continues to increase, so too do the number of countries introducing comprehensive data protection laws or updating existing legislation to bring it in line with European data protection laws and ensure personal data is protected in the digital era.
On May 19, 2020, a Royal Decree was published in the Official Gazette postponing the effective date of the Personal Data Protection Act (‘PDPA’) for one year until 1 June 2021. In this webinar, our expert speakers discuss the key requirements of the PDPA
The Royal Cabinet of Parliament of the Kingdom of Thailand ('the Cabinet') approved, on 19 May 2020, the Royal Decree on the Organizations and Businesses of which Personal Data Controllers are exempted from the Applicability of the Personal Data Protection Act B.E. 2562 (2019) B.E. 2563 (2020) ('the Royal Decree').
Legislation throughout the Asia-Pacific region seeks to define, provide for, and regulate children's privacy rights in a variety of ways. China, for instance, has recently introduced comprehensive measures aimed at protecting children's interests in the use of their personal information.
The Personal Data Protection Act (2019) ('the PDPA') and the Cybersecurity Act (2019) ('the Act') were approved by the National Assembly of Thailand on 28 February 2019.
The Personal Data Protection Act 2019 ('PDPA') entered, on 28 May 2019, into force after publication in the Royal Thai Government Gazette.
DataGuidance confirmed, on 21 September 2018, with Dhiraphol Suwanprateep, Partner at Baker & McKenzie Ltd. Bangkok, that the Ministry of Digital Economy and Society ('MDES') published, on 5 September 2018, a revised draft of the Personal Data Protection Bill ('the Bill') updating a previous draft published in May 2018.
PDPA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
Scope Benchmark
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Enforcement Benchmark
