GDPR v. Thai Personal Data Protection Act

OneTrust DataGuidance and Blumenthal Richter & Sumet Ltd are pleased to introduce this new report which looks to assist organizations in understanding and navigating the similarities and differences between the GDPR and the Thai Personal Data Protection Act.

Download more from the series: Comparing privacy laws: GDPR v. Nigerian Data Protection Regulation

The Thai Personal Data Protection Act is largely based on the GDPR, and therefore, there are several similarities between the two. For example, both texts have similar provisions regarding the legal basis of processing, as both list consent, performance of a contract, legal obligations, legitimate interests, or vital interests as a legal basis.

Nevertheless, there are some key differences between the PDPA and the GDPR. In particular, unlike the GDPR, the PDPA does not apply to certain public authorities, and the definition of 'personal data' in the GDPR is much more detailed, as it specifically includes IP addresses and cookie identifiers, whilst there is no mention of these in the PDPA.

Comparing Privacy Laws Report 

The GDPR v. Thai Personal Data Protection Act report directly compares key provisions under the GDPR and the PDPA, to assist organizations with achieving global compliance, including;

• Scope
• Key definitions
• Controller and Processor obligations
• Legal basis
• Rights
• Enforcement

The new report also aims to assist organizations to comply with both laws by highlighting the challenges associated with their differences in a helpful side-by-side comparison. 

Visit the OneTrust DataGuidance Resource Library for more reports from the Comparing Privacy Laws series as well as webinars, whitepapers, and infographics.