Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Thailand: PDPC publishes notification and guidelines on personal data breaches

The Personal Data Protection Commission ('PDPC') announced, on 15 December 2022, the publication, in the Government Gazette, of its Notification on the Criteria and Procedures for Handling Personal Data Breaches, which entered into force on the same date. In particular, the Notification, among other things, provides for a definition of 'personal data breach' under the Personal Data Protection Act 2019 ('PDPA'), and outlines three categories of personal data breaches, namely confidentiality breaches, integrity breaches, and availability breaches. In addition, the Notification specifies the actions that a data controller shall take when suspecting that a personal data breach has occurred, and the factors that must be taken into consideration when conducting a breach assessment.

In addition, the PDPC published, on 16 December 2022, Guidelines on Data Breach Assessments and Personal Data Breach Notifications, to aid data controllers when reporting personal data breaches under the PDPA.

You can read the Notification here and the Guidelines here, both only available in Thai.