So far, 132 countries in the world have implemented Data Protection and Privacy Laws. With more and more social and economic activities happening online, these laws ensure data security and privacy. There are many data protection laws globally, but the most well-known is the GDPR (General Data Protection Regulation) of the European Union. Based on the same lines as the GDPR, Thailand has also launched the PDPA (Personal Data Protection Act), originally published on 27th May 2019.
Like the GDPR, the PDPA aims to protect Thai data owners from illegally collecting, using, and sharing their personal information. The PDPA was supposed to be enforced on 27th May 2021. However, it has been postponed to 1st June 2022 due to the global Covid-19 pandemic. Since the PDPA will bring about substantial changes to the present data protection regulatory environment, the extension will allow stakeholders additional time to prepare for its implementation.
Steps to take for PDPA compliance
The data protection obligations under the PDPA generally apply to all organisations that collect, use or disclose personal data in Thailand or of Thai residents, regardless of whether they are formed or recognised under Thai law, and whether they are residents or have a business presence in Thailand. This extraterritorial scope of the PDPA represents a significant expansion of Thailand’s data protection obligations to cover all processing activities relating to Thailand-based data subjects. Businesses must assess their data processing practices and take necessary steps to ensure that they comply with the PDPA.