Thailand’s long-awaited Personal Data Protection Act (PDPA) was approved by the National Legislative Assembly today, February 28, 2019. It will now be passed to the monarch to be signed and endorsed, and will then be published in the Government Gazette before passing into law later this year.
Most provisions relating to the collection, use, and disclosure of personal data will come into force one year after publication in the Government Gazette. Several pieces of subordinate legislation will be enacted later on to provide a procedural framework for implementing the provisions of the PDPA, and we will provide updates on that procedural framework as it becomes apparent.
The most significant provisions of the PDPA are:
These provisions are intended to reflect global trends in data privacy legislation, such as the European Union’s GDPR.
Penalties for noncompliance with the PDPA are severe, and any companies collecting any data from those residing in Thailand would be prudent to prepare themselves in advance to ensure that they are in compliance before the PDPA comes into effect.