Thailand’s new Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) is the most comprehensive Thai data privacy law to date. It governs the collection, use and disclosure of personal data within Thailand and sets out the criteria on the transfer of data overseas. PDPA has been published in the Government Gazette on May 27, 2019 and the provisions will come into full force, affecting all businesses and corporations operating in Thailand on June 1, 2022.
PDPA vs GDPR
In general, Thailand’s PDPA is essentially derived from the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”). Although there are many similarities between these two pieces of legislation, adjustments had been made to fit the Thai context.
Immediate assessment of internal personal data governance is vital to protect businesses before the penalties kick in. The PDPA imposes punishment for non-compliance of up to THB 5 million in administrative fines and up to THB 1 million in criminal fines.
THE FORCE BEHIND OUR RIGHTS TO DATA PRIVACY
Since GDPR became enforceable in 2018, the team in Kudun and Partners has invested a special interest in issues related to personal data privacy and data protection. When Thailand’s PDPA was passed in 2019, we were already at the forefront of the Act, providing innovative legal and business solutions to various clients from different industries on this matter.
Since GDPR became enforceable in 2018, the team in Kudun and Partners has invested a special interest in issues related to personal data privacy and data protection. When Thailand’s PDPA was passed in 2019, we were already at the forefront of the Act, providing innovative legal and business solutions to various clients from different industries on this matter.
A comprehensive solution to Data Privacy issues
1
Addressing privacy and data protection issues arising from collection and use of personal information for marketing purposes to protect against liability
2
Setting up employees' personal data protection rules in the workplace, including employee monitoring and communications policies
3
Helping satisfy privacy and data protection standards by preparing intra-group arrangements and third-party data transfer contracts
4
Assisting contracting parties in compliance obligations in sharing internal company data by helping execute complete outsourcing agreements
5
Advising on improving efficiencies and reduce costs in managing data flow across borders
6
Helping to take proactive steps in monitoring employee use of company computer systems to avoid disclosure of trade secrets and other confidential information through electronic means
7
Providing updates on data protection developments through our regular newsletters
