Advance Blog

January 21, 2019
Coporate Sponsor social media profile pic 2020-04

Thailand: Personal Data Protection Act


With the wide use of the internet and social media, the issue of data protection and cyber security is becoming more important in our daily lives. In past times, there was more control over things written or printed on paper; however, now everything is uploaded onto the internet. Therefore, the safety of the information shared is becoming more and more of a concern.

Last year, The General Data Protection Regulation (GDPR) was the subject of wide discussion all over Europe. Although the effect of GDPR in the Asian region may be quite minimal, however, European companies intending to invest in Asia would very likely look at provisions that would adequately cover personal data protection issues.

The Asian region is fast developing laws and regulations relating to data protection and cyber securities, especially Singapore and Malaysia; Thailand has also been making the necessary laws to ensure it has adequate protection in these areas. This is seen as an essential move as Thailand is one of the most rapidly growing platforms for social media and e-commerce growth.

In this context, the Personal Data Protection Bill was drafted in 2017 and, despite some delays, heavy criticism and subsequent revisions, the said Bill has recently been approved to become law – Personal Data Protection Act (the “Act”).

It is understood that some of the GDPR principles have been incorporated in the Act, e.g. the conditions of a child’s consent (Article 8); definition of sensitive data (Article 9); and cross-border transfer of data (Articles 45, 46 & 48).

Prior to the Act coming in to effect, businesses in Thailand relied on various acts and provisions, such as the Constitution of the Kingdom of Thailand, the Thai Civil and Commercial Code and the Official Information Act, to protect personal data information. However, now that we have a specific piece of legislation which directly relates to the protection of personal data and information, businesses operating in Thailand will have to comply with the provisions of this Act. It is hoped that the Act will play a vital role in ensuring that all of the data being shared/uploaded on/across different platforms is adequately protected from threats.

Rajen Ramiah has more than 12 years of experience in the IP field with his areas of practice including registration of trademarks and general advisory work relating to the various forms of IP rights, including trademarks, copyright and industrial design rights. With a good grasp of the legal background, Rajen is now focusing on the area of Business Development for the Group.

Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)

As the Personal Data Protection Act (PDPA) also applies to personal data collected prior to the PDPA’s entry into force, please be informed that AustCham Thailand will automatically keep your contact details including email address, name and last name, and company details, on our mailing list.

Your data was received by AustCham Thailand as a result from you either registering or attending an event, contacting our office or subscribing to regular updates via the website. However, if you would like to stop receiving emails AustCham Thailand and revoke your consent for AustCham to keep and use your data to contact you for chamber events and updates, please scroll down to the end of this email and click “Unsubscribe from this list”. Your personal data will be shortly deleted once the opt-out notice request is received.

Please note that your data is kept in AustCham’s CRM system, please see here for AustCham’s Terms of Use and Privacy Policy. AustCham uses a management software system from Wild Apricot, and emails are distributed through MailChimp.