Privacy Law at Thailand
Thailand's Personal Data Protection Act (PDPA), effective since June 1, 2022, establishes a comprehensive framework for personal data protection, aligning closely with international standards like the EU's GDPR. The Act applies to both domestic and international entities that process personal data of individuals located in Thailand.
Key Provisions of the PDPA
1. Scope and Applicability
Domestic and Extraterritorial Reach The PDPA applies to data controllers and processors based in Thailand, as well as foreign entities offering goods or services to individuals in Thailand or monitoring their behavior within the countr.
2. Consent and Data Processing
Consent Requirement Explicit consent is mandatory for processing personal data, especially sensitive data such as health information, biometric data, and religious belief.
Implied Consent In certain situations, implied consent may be applicable, such as when individuals voluntarily provide their information for specific purpose.
3. *Data Subject Rights
Individuals are entitled to several rights under the PDPA, includin:The right to access their personal dat. The right to request correction or erasure of inaccurate or unnecessary dat.The right to withdraw consent at any tim. The right to data portabilit The right to object to data processin.
4. *Data Protection Officer (DPO)
Organizations are required to appoint a Data Protection Officer (DPO) responsible for ensuring compliance with the PDPA and serving as a point of contact for data subjects and regulatory authoritie.
5. *Data Breach Notification
Data controllers must notify the Office of the Personal Data Protection Committee (PDPC) of any data breach within 72 hours of becoming aware of it. If the breach poses a high risk to individuals' rights and freedoms, affected individuals must also be informed without undue dela.
6. *Cross-Border Data Transfers
Transfers of personal data outside Thailand are permitted only to countries that provide an adequate level of data protection, or when specific conditions are met, such as obtaining explicit consent from data subject.
⚖️ Enforcement and Penalties
Non-compliance with the PDPA can result i:
Administrative Fines Up to THB 5 million per violatio.
Criminal Penaltie Imprisonment up to one year and/or fines up to THB 1 millio.
Punitive Damages Up to twice the amount of actual damage. In October 2023, the Personal Data Protection Committee (PDPC) signaled an end to the relaxation of enforcement, indicating stricter implementation of the PDP. Recent decisions have involved penalties and corrective actions for non-compliance, emphasizing the importance of adhering to data protection obligation
📌 Summary
Thailand's PDPA establishes a robust framework for personal data protection, emphasizing consent, transparency, and accountabiliy Organizations operating in Thailand or processing data of Thai individuals must ensure compliance with the Act to avoid substantial penalties and protect individuals' privacy righs.
RELATED Blog
0 comments