Published earlier this year, Thailand’s Personal Data Protection Act will come into full force in May 2020.
Today, we live in a highly connected technological era where data is king. Indeed Digitization has resulted in a world where data underpins almost all aspects of our lives to the point where our personal data is constantly being collected, shared, sold, analyzed and monetized. And while this constant data sharing certainly has its benefits; the associated risks are alarming. It is no wonder then that more and more countries around the globe are making a concerted effort to enact more comprehensive data protection and privacy legislation. Today we take a look at Thailand’s new Personal Data Protection Act (PDPA).
Published in the Government Gazette on May 27, 2019, Thailand’s PDPA is expected to come into full force on May 2020. Similar to the GDPR, the PDPA seeks to regulate the collection, use and sharing of personal data which could identify—whether directly or indirectly—a natural person; and provides guidelines for the processing of personal data. It does not apply to information related to a deceased individual.
Under the PDPA data owners now have the following rights:
Who is the PDPA applicable to?
The PDPA is applicable to any entities offering goods and/or services to individuals located in Thailand which collect, use or share personal data. This is the case whether or not the entity is located in or out of Thailand.
Based on data usages, companies must comply to the PDPA either as a data controller and/or a data processor.
While the PDPA may have similarities to the GDPR It is important to note that GDPR compliance does not automatically ensure that your company is PDPA compliant.