Personal Data Protection Act of Thailand

Personal Data Protection Act of Thailand

The personal data protection act of Thailand is pretty much similar to European Unions GDPR and India’s PDPA. It offers similar fundamental rights to the citizens of Thailand as mentioned in the gdpr and pdpb of india.

27 May 2020 is the date of enforcement for The Personal Data Protection Act of Thailand (PDPA). PDPA imposes new rules on organizations in Thailand and those that offer goods and services to people in Thailand, or that collect and analyse data tied to Thai citizens, no matter where they are located.

Enhanced Personal Privacy Rights

PDPA gives 7 fundamental rights to the Thai citizens, which can not be breached

Mandatory Data Breach Reporting

Organizations have to report data/security breach to the authorities within 72 hours

Increased Duty for Protecting Data

Businesses have to take strong data security countermeasures

Significant Penalties for Non-compliance

Non compliance with PDPA may cost organizations penalties of upto THB 5 million.

PDPA Consultation Service

We are working in the domain of cyber security and privacy since 2016 and already helped 150+ companies with regulatory compliance such as GDPR, PDPL, CCPA etc. Our team of expert and experienced consultants will help you simplify and deploy the mandatory PDPA compliance.

Gap Assessment

Get a detailed assessment showing your organizations current PDPA compliance posture, and a remediation plan to address the gaps and risks..

Legal Policies

Get legal advice and support in reviewing and updating privacy notices, policies, supplier contracts and international data transfer agreements

Data Flow Mapping

Get an inventory of the personal data held and shared by your organization, and a data flow map of your processes.

Data Protection Impact Assessment

Get an assessment of the data protection risks associated with your new process and a remediation plan to mitigate those risks.

Data Breach Support Service

Get on-call assistance in meeting the PDPA’s 72-hour data breach notification requirements in a structured and compliant manner.

Virtual Data Protection Officer

Get supported by a qualified DPO team who will serve as the independent data protection expert to your organization.

About Aristi

Aristi is into the business of cyber security and privacy since 2016. We are the very first and only cyber security research and consultation company based in central India. We are part of Startup India. Govt of India's flagship scheme to promote startup culture in India.

We know cyber security and privacy sounds complex and at some point it is, but our consultants are known for their capabilities to make complex things easy for business people and help them understand the key needs.

General Questions

Similar to the GDPR, the intention of the PDPA is to protect data owners (i.e., data subjects under the GDPR) in Thailand from the unauthorized or unlawful collection, use, or disclosure and processing of their personal data.

Thailand’s Personal Data Protection Act (PDPA) was finally approved in February 2019 by the Thai National Legislative Assembly, after several legislative attempts. The PDPA was published in the Royal Thai Government Gazette following the passage of the bill, and came into effect on May 28, 2019. Organizations now have one year to fully comply with their policies by May 27th 2020.

The Personal Data Protection Act of Thailand is applicable to businesses based in Thailand and to those organizations who offer goods and services to Thai citizens irrespective to their location.

When it comes to exemptions, PDPA is pretty much controversial. Currently There’s hardly any exemptions for small and mid size businesses. But Govt agencies and organizations have all the authorities to collect and process the data without any information or consent from the end user.

In case of non – compliance organizations will be liable for financial penalties upto THB 5 million. Under some scenarios company owners may face imprisonment upto 1 year.

PDPA is an eccentrical step towards the data privacy and security of the end users data in Thailand

Hire our consultants to comply with PDPA