Thailand: Personal Data Protection Act

« Back to Glossary Index

Thailand has established its data privacy laws under the Personal Data Protection Act (PDPA), which was enacted in 2019. The PDPA aims to regulate the collection, use, disclosure, and storage of personal data in Thailand.

Under the PDPA, personal data is defined as any information that identifies an individual or makes them identifiable. This includes names, identification numbers, location data, online identifiers, and other personal information.

The PDPA applies to both private and public sectors, including organizations that process personal data of Thai citizens, regardless of their location. It also requires organizations to obtain consent from individuals before collecting, using, or disclosing their personal data.

The PDPA imposes strict requirements on data controllers and processors, including the implementation of appropriate security measures to protect personal data. Organizations are also required to notify individuals and the relevant authorities of any data breaches.

In addition, the PDPA grants individuals several rights over their personal data, including the right to access, correct, and delete their data. Individuals can also withdraw their consent for the processing of their personal data at any time.

The PDPA establishes a Personal Data Protection Committee, which is responsible for overseeing and enforcing the law. Violators of the PDPA can face fines and imprisonment, depending on the severity of the offense.

Overall, the PDPA is a significant step towards protecting personal data in Thailand and bringing the country in line with other international data privacy standards. Organizations operating in Thailand must ensure that they comply with the PDPA to avoid any penalties or legal consequences.

In summary, the Personal Data Protection Act (PDPA) is Thailand’s primary data privacy regulation law. It applies to both public and private sectors and imposes strict requirements on data controllers and processors. The PDPA grants individuals several rights over their personal data, and organizations must comply with the law to avoid penalties and legal consequences.

Download this Resource