Thai PDPA
Comply with the PDPA
The Personal Data Protection Act 2019 ('PDPA') is the first consolidated legislation providing general data protection within Thailand and was originally expected to come into full effect on 27 May 2020. This date, however, was postponed until 27 May 2021 due to the COVID-19 ('Coronavirus) pandemic. The PDPA is based on the GDPR and contains many similar provisions, although they differ in areas such as anonymisation. While the PDPC is provided for by the PDPA, which further requires the PDPC to draft and issue sub-regulations on data protection by 27 May 2021, the PDPC has yet to be established.
OneTrust DataGuidance's PDPA Portal provides you with the ability to track developments regarding PDPA and understand its obligations.
PDPA v. GDPR
OneTrust DataGuidance, in collaboration with Blumenthal Richter & Sumet, have produced a PDPA v. GDPR Report, which you can download here, and which assists organisations in understanding and comparing key provisions of the PDPA comparative to the GDPR. You can also leverage this information through our PDPA v. GDPR Comparison in the tab above.
Thailand Privacy Landscape Overview
Watch our Thailand Overview video to understand the state of privacy in Thailand today.
The Bank of Thailand ('BOT') issued, on 24 July 2020, its guidelines ('the Guidelines') on the use of biometric technologies in the financial sector to provide service providers with clearer guidance to comply with international laws and standards on such technologies.
The Bank of Thailand ('BOT') launched, on 5 June 2020, testing for a regulatory sandbox for peer-to-peer ('P2P') lending platforms. In particular, the BOT noted that the regulatory sandbox will ensure the oversight of risks in privacy, cybersecurity, licensing, and financial regulation.
The Ministry for Digital Economy and Society ('MDES') announced, on 28 May 2020, the launch of the Thai Win app for the purposes of tracking and investigating COVID-19 ('Coronavirus') disease control within Thailand.
OneTrust DataGuidance confirmed, on 20 May 2020, with Dhiraphol Suwanprateep and Thananya Chaikamosuk, Partner and Associate respectively, at Baker McKenzie, that the Government of Thailand has approved the draft Royal Decree to post
OneTrust DataGuidance confirmed, on 13 May 2020, with Dhiraphol Suwanprateep and Thananya Chaikamosuk, Partner and Associate respectively, at Baker McKenzie, that, on 12 May 2020, 'the Cabinet [of Thailand] has acknowledged the necessity to pass [a] Draft Royal Decree to postpone the effective date of the Personal Data Protection Act B.E.
The Emergency Royal Decree on Electronic Media Conference B.E. 2556 ('the Decree') was published, on 18 April 2020, in the Royal Gazette of the Kingdom of Thailand.
The Department of Special Investigations ('DSI') of Thailand and the United States Secret Service ('USSS') signed, on 5 March 2020, a Memorandum of Understanding ('MoU') on transnational crime control.
The Department of Special Investigations ('DSI') and the Minister of Justice ('MoJ') published, on 4 February 2020, recommendations on prevention of cybercrime and leaking of CCTV footage.
The Ministry of Digital Economy and Society ('MDES') announced, on 13 January 2020, its intention to establish the National Cybersecurity Office ('the Office'). In particular, the MDES noted that the Office is to be established under the policy directions of the Cybersecurity Act, B.E. 2562 (2019) ('the Act').
The Association of Southeast Asian Nations ('ASEAN') released, on 26 November 2019, the ASEAN Integration Report 2019 ('the Report').
The Global System for Mobile Communications ('GSMA') invited, on 8 November 2019, companies in the IT sector and in other non-regulated sectors, to submit comments on projects for the Regulatory Pilot Space ('RPS').
The Association of Southeast Asian Nations ('ASEAN') published, on 2i November 2019, a statement announcing that the ASEAN Member States had agreed to strengthen cooperation in order to advance the ASEAN transformation to Industry 4.0 ('the Statement').
The Association of Southeast Asian Nations ('ASEAN') released, on 4 November 2019, the ASEAN Plus Three Leaders' Statement on Connecting the Connectivities Initiative ('the Statement').
The Association of Southeast Asian Nations ('ASEAN') issued, on 4 November 2019, the East Asia Summit ('EAS') Leaders' Statement on cooperation to combat transnational crime ('the Statement').
The Association of Southeast Asian Nations ('ASEAN') released, on 25 October 2019, a joint statement from the 19th ASEAN Telecommunications and Information Technology Ministers Meeting and Related Meetings ('the Statement').
OneTrust DataGuidance confirmed, on 28 October 2019, with Dhiraphol Suwanprateep, Partner at Baker & McKenzie Ltd.
As the global focus on data protection continues to increase, so too do the number of countries introducing comprehensive data protection laws or updating existing legislation to bring it in line with European data protection laws and ensure personal data is protected in the digital era.
On May 19, 2020, a Royal Decree was published in the Official Gazette postponing the effective date of the Personal Data Protection Act (‘PDPA’) for one year until 1 June 2021. In this webinar, our expert speakers discuss the key requirements of the PDPA
The Royal Cabinet of Parliament of the Kingdom of Thailand ('the Cabinet') approved, on 19 May 2020, the Royal Decree on the Organizations and Businesses of which Personal Data Controllers are exempted from the Applicability of the Personal Data Protection Act B.E. 2562 (2019) B.E. 2563 (2020) ('the Royal Decree').
Legislation throughout the Asia-Pacific region seeks to define, provide for, and regulate children's privacy rights in a variety of ways. China, for instance, has recently introduced comprehensive measures aimed at protecting children's interests in the use of their personal information.
The Personal Data Protection Act (2019) ('the PDPA') and the Cybersecurity Act (2019) ('the Act') were approved by the National Assembly of Thailand on 28 February 2019.
The Personal Data Protection Act 2019 ('PDPA') entered, on 28 May 2019, into force after publication in the Royal Thai Government Gazette.
DataGuidance confirmed, on 21 September 2018, with Dhiraphol Suwanprateep, Partner at Baker & McKenzie Ltd. Bangkok, that the Ministry of Digital Economy and Society ('MDES') published, on 5 September 2018, a revised draft of the Personal Data Protection Bill ('the Bill') updating a previous draft published in May 2018.
PDPA v GDPR
GDPR Benchmark
This Chart aims at assisting organisations in understanding and comparing key provisions of the GDPR with relevant data protection law from around the globe. This Chart provides a comparison of the following key provisions:
- Scope
- Definitions and legal basis
- Rights
- Enforcement
Each topic includes relevant articles and sections from the law compared, a summary of the comparison, and a detailed analysis of the similarities and differences. The degree of similarity for each section can be identified using the key.
EU-California: GDPR v. CCPA
This analysis has been carried out in collaboration with Future of Privacy Forum. The information in the Chart is also available in a free Report, which you can download here.
EU-Japan: GDPR v. APPI
This analysis has been conducted on the basis of an English unofficial translation of the APPI (as amended) available on the PIPC website. The information in the Chart is also available in a free Report, which you can download here.
EU-Brazil: GDPR v. LGPD
This analysis has been conducted in collaboration with Baptista Luz Advogados. DataGuidance and Baptista Luz Advogados would also like to thank Pereira Neto | Macedo Advogados for their efforts and making a translation of the LGPD available for use. The information in the Chart is also available in a free Report, which you can download here.
EU-Russia: GDPR v. Law on Personal Data
This analysis has been conducted in collaboration with Gorodissky & Partners. This analysis has been conducted on the basis of an English unofficial translation of the Law on Personal Data. The information in the Chart is also available in a free Report, which you can download here.
EU-Thailand: GDPR v. PDPA
This analysis has been conducted in collaboration with Blumenthal Richter & Sumet. The information in the Chart is also available in a free Report, which you can download here.
EU-Australia: GDPR v. Privacy Act
This analysis has been conducted in collaboration with Mills Oakley. The information in the Chart is also available in a free Report, which you can download here.
EU-Nigeria: GDPR v. Nigeria Data Protection Regulation
This analysis has been conducted based on the Nigeria Data Protection Regulation 2019 ('NDPR'). The information in the Chart is also available in a free Report, which you can download here.
EU-Turkey: GDPR v. LPPD
This analysis has been conducted in collaboration with Esin Attorney Partnership. The information in the Chart is also available in a free Report, which you can download here.
EU-Singapore: GDPR v. PDPA
This analysis has been conducted in collaboration with Rajah & Tann Singapore LLP. The information in the Chart is also available in a free Report, which you can download here.
EU-Canada: GDPR v. PIPEDA
This analysis has been conducted in collaboration with Edwards, Kenny & Bray LLP. The information in the Chart is also available in a free Report, which you can download here.
Scope Benchmark
Definitions and Legal Basis Benchmark
- title
- Personal data
- Pseudonymisation
- Controller and processor
- Children
- Research
- Legal Basis
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Rights Benchmark
- title
- Right to deletion
- Right to be informed
- Right to object
- Right to access
- Right not to be subject to discrimination
- Right to data portability
To view this Comparison and more, request your free 7-day trial of the full OneTrust DataGuidance platform
Enforcement Benchmark
