Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Thailand: PDPA enters into effect
The Personal Data Protection Act 2019 ('PDPA') entered into effect, on 1 June 2022, following two postponements, becoming Thailand's first consolidated data protection law. In particular, the PDPA establishes lawful grounds for data collection, use, and disclosure, including sensitive personal data, controller and processor obligations, as well as data subject rights.
Who does it effect?
More specifically, the PDPA applies to a person or legal person that collects, uses, or discloses the personal data of a natural person, with certain exceptions, and has both territorial and extra-territorial application.
What rights are laid out?
The PDPA sets out the following rights for data subjects:
- right to be informed;
- right to access;
- right to rectification;
- right to erasure;
- right to object/opt-out; and
- right to data portability.
What are the obligations for data controllers and processors?
In this regard, the PDPA outlines a number of requirements, including the adoption of appropriate security measures, the maintaining of records of processing, the appointment of a data protection officer ('DPO'), as well as restrictions on transfers to third countries, including the introduction of adequate protection, and data breach notification.
In addition, the PDPA establishes requirements for controller and processor relationships, noting that such relationships must be governed by an agreement.
Penalties
The PDPA contains penalties for breaches of its provisions, including civil, criminal, and administrative liability with fines of up to THB 5 million (approx. €136,200).
You can read the PDPA here.
OneTrust DataGuidance has released a number of resources to assist with your PDPA compliance:
- Comparing privacy laws: GDPR v. Thai Personal Data Protection Act, available here;
- Thailand Data Protection Overview Guidance Notes, available here;
- Thailand PDPA Insight series (part one, part two, and part three); and
- What you need to know: Thailand PDPA (video) (available here).
For further information and resources on the PDPA, see our Thai PDPA Portal.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
