4 new updates to the PDPA announced
28/06/2022
On the 21st of June 2022, the Data Protection Committee published four new announcements in the Royal Gazette about the PDPA. These announcements provide more details relating to the PDPA and have been created in order to provide data processors and controllers (i.e. those who work with personal data) with more information about their duties and responsibilities under the PDPA.
What is the PDPA?
The PDPA is a law that prevents the infringement of a data subject's personal information. The PDPA will be applied to any collection, use or disclosure of personal data obtained by a data controller or data processor within Thailand. However, when a data controller or data processor is located outside of Thailand, the PDPA will still apply if the data subject whose data is collected, used or disclosed is located in Thailand.
What are the four announcements?
1. Relaxation of the data record requirements of the Data Protection Officer for small-to-medium size enterprises or SMEs.
SMEs and community enterprises are now exempt from having to log the working records of data controllers.
The exemption applies to the following organisations:
- SMEs and factories that hire no more than 200 workers with an income not exceeding 500 million baht a year or a retail shop or company that hires no more than 100 employees with an income of 300 million baht a year.
- Community enterprises
- Enterprises that work for society
- Cooperatives
- Foundations, associations, religious organisations and NGOs
- Family enterprises or similar businesses.
2. Terms and measures for the making and keeping of personal data records for data protection officers
Under the new announcements, companies have been granted a 180-day grace period in order to make adequate preparations for the enforcement of the PDPA and become fully compliant.
3. Security measures for data protection officers
The third announcement sets the minimum requirements for protecting personal data in line with safety measures announced by the Digital Economy and Society Ministry.
Furthermore, to ensure these measures are achievable, the minimum safety requirements have been designed in a way that won’t be a big financial burden for firms.
4. Measures to impose administrative fines or penalties by the specialized committee
Prior to these new announcements coming into force, the PDPA enforced strong punishments for those who breach it. However, under the new announcements a committee of experts has the power to show leniency towards companies who are found to violate the PDPA without intention. Rather than facing strict fines or worse from the Thai Courts, offending companies may instead be issued a lesser fine or receive a warning.
When do these measures come into effect?
The full PDPA legislation came into full effect on June 1st; however, these new announcements became effective from the 21st of June 2022.
Four further announcements are also expected before the end of June. There is currently no information on what these further announcements will relate to.
What else do I need to know about the PDPA?
The PDPA has far-reaching implications for many companies and is a complex piece of legislation. For more information about the PDPA, please check out our following blog posts.
How can our team of experts help?
These new announcements highlight the fact that the Thai government is placing a lot of emphasis on the PDPA. By making these announcements so soon after the PDPA was launched, it is clear that the government is willing to change and adapt the PDPA quickly and accordingly to make it as effective as possible.
The PDPA has been in full effect for nearly 1 month and it is essential that your company is compliant. If you need more information about the PDPA and how to ensure full compliance, you can book a consultation with one of our PDPA experts.
Please note that this article is for information purposes only and does not constitute legal advice.
Our consultations last for a period of up to 1 hour and are conducted by expert Lawyers who are fluent in English, French and Thai.
Consultations can be hosted via WhatsApp or Video Conferencing software for your convenience. A consultation with one of our legal experts is undoubtedly the best way to get all the information you need and answer any questions you may have about your new business or project.
USD 150
Up to 1 hour
Online payment (Paypal or Credit card)
Legal consultation can be conducted in English, French or Thai
Legal consultations are handled by experienced lawyers from the relevant fields of practice
Frequently asked questions
What is Thailand's Personal Data Protection Act?
The PDPA is a law that prevents the infringement of a data subject's personal information. The PDPA will be applied to any collection, use or disclosure of personal data obtained by a data controller or data processor within Thailand. However, when a data controller or data processor is located outside of Thailand, the PDPA will still apply if the data subject whose data is collected, used or disclosed is located in Thailand.
Does GDPR apply in Thailand?
The GDPR applies to organisations that have a presence in the EU, notably entities that have an ‘establishment’ in the EU. The GDPR also applies to the processing activities of data controllers and data processors that do not have any presence in the EU, where processing activities are related to the offering of goods, or services to individuals in the EU, or to the monitoring of the behaviour of individuals in the EU.
Which countries have the best data protection?
Denmark, Norway and Canada are considered to have the best Data Protection laws along with the EU.
What is the difference between PDPA and GDPR?
The GDPR states specific rules for the processing of personal data for research purposes, including data minimisation and anonymisation. The PDPA does not include specific rules for the collection, use, and disclosure of personal data for such purposes, but requires that ‘suitable measures are put in place’.
Who does Thai PDPA cover?
The PDPA covers all uses or disclosure of personal data obtained by a data controller or data processor within Thailand. When a data controller or processor is located outside of Thailand, the PDPA will still apply.
What is personal data protection?
Personal data protection refers to how both public and private entities receive consent from data subjects. Data protection also covers the correct methods for processing, collecting or disclosing personal data.
What flag is Thailand?
The Thai flag is made up of 5 horizontal stripes of red, white, blue, white and red. The middle stripe is twice as wide as the others.
Did you know facts about Thailand?
Thailand was never colonized by European countries.
What is the capital of Thailand?
The capital of Thailand is Bangkok.
Who are exempted from PDPA?
The only exemptions to the PDPA are where the disclosure of the information is in the interest of investigation procedures or proceedings by the courts, or where the data subject has provided written consent.
Who is subject to PDPA?
The PDPA will be applied to any collection, use or disclosure of personal data obtained by a data controller or data processor within Thailand.
Does PDPA apply to individuals?
The PDPA applies to both individuals and companies alike.