July 1, 2025
Now halfway through 2025, Thailand continues to advance in the realm of data privacy, with the ambitious goal of achieving zero data breaches. The Personal Data Protection Committee (PDPC), an independent government body established by the Personal Data Protection Act (PDPA), is taking a more proactive approach, having published several rulings and orders to enhance data protection measures and clarify compliance expectations for businesses.
Here is a look back at Thailand’s data privacy developments in the first half of the year.
Strengthening Law Enforcement and New Guidance for Compliance
Enforcement of existing data protection laws and regulations has taken a step forward this year. Some of the specific initiatives include:
Increased enforcement by the PDPC. A key trend to watch from the first half of 2025 is the PDPC’s active enforcement of the PDPA as it intensifies oversight through compliance orders and public warnings against noncompliant organizations while ramping up efforts to prevent and halt the illegal trading of personal data by actively monitoring emerging societal issues.
Call center scams and cyber fraud control. Thailand published an amendment to the Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes to strengthen measures against technological crimes, particularly targeting call center scams and cyber fraud.
Orders from the Expert Committee. Several orders issued by the Expert Committee under the PDPA were announced in the first half of this year. These include directives for data controllers to take corrective actions to comply with the PDPA, as well as initiatives to raise awareness of data privacy within organizations, reflecting the regulator’s focus on promoting organizational awareness and compliance. A guideline report summarizing the Expert Committee’s decisions and orders was also published to serve as a reference for compliance.
Public issue monitoring. The PDPC has been taking a more proactive approach by staying current with high-profile data privacy