Advance Blog

June 23, 2021

Legal Updates: Another One-Year Postponement of PDPA

Despite the postponement of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) last year, the Ministry of Digital Economy and Society still foresees difficulty fully enforcing PDPA in 2021 due to technical obstacles in the course of PDPA implementation and the current situation of COVID-19 pandemic which has wrecked the economy and society nationwide. They thus proposed another one-year postponement of PDPA to the Cabinet Minister, who approved the resolution and enacted a Royal Decree prescribing Organization and Business Data Controllers in Exemption of PDPA Enforcement (No. 2) B.E. 2564 (2021) (“Royal Decree”) on May 7, 2021, to postpone the effective date of the major PDPA provisions from June 1, 2021, to June 1, 2022.

Critical Perspectives of the Postponement

According to this new Royal Decree, the following five Chapters and one Section of PDPA shall be effective in June next year.

  • Chapter 2: Personal Data Protection
    This includes the provisions addressing the notification obligations of data controllers, the consent requirements, the collection of general personal data and sensitive personal data, the use of personal data, and the disclosure thereof.
  • Chapter 3: Rights of the Data Subject
    This Chapter addresses rights of data subjects and the obligations of data controllers and data processors with regards to efficient personal data protection.
  • Chapter 5: Complaints
    This Chapter establishes the authority of the Personal Data Protection Committee to appoint the Expert Committee to hear complaints, settle disputes, investigate, and carry out any acts in connection to claims in relation to PDPA. The dispute resolution process and the authorities of the competent officers in this regard are also established under this Chapter.
  • Chapter 6: Civil LiabilityThe Chapter imposes compensatory obligations to data controllers or data processors who operate in violation of the provisions of PDPA and thereby cause damage to data subjects.
  • Chapter 7: Penalties
    This Chapter imposes criminal liability and administrative liability on data controllers, data processors, and any associated persons in case of violation of any provisions stipulated in PDPA.
  • Section 95: Data management protocols for the personal data that has been collected before the effective date of PDPA.

Concluding Remarks

Since the postponement affords additional time for all sectors in Thailand to adapt and customize their operation for PDPA compliance, this Royal Decree is a blessing in disguise. By next year, most sectors’ operations, if not all, should be in full compliance with PDPA; this will only be beneficial for all parties involved because PDPA offers comfort to all data subjects that their personal data will be handled with due care and transparency. In another light, PDPA enforcement will usher in a new regulatory era of data transactions in Thailand, which is necessary, given how much data is being used in the current business paradigm of the global Big Data trend.


พระราชกฤษฎีกากำหนดหน่วยงานและกิจการที่ผู้ควบคุมข้อมูลส่วนบุคคลไม่อยู่ภายใต้บังคับแห่งพระราชบัญญัติคุ้มครองข้อมูลส่วนบุคคล พ.ศ. ๒๕๖๒ (ฉบับที่ ๒) พ.ศ. ๒๕๖๔ (๒๕๖๔, ๘ พถษภาคม). ราชกิจจานุเษกษา เล่มที่ ๑๓๘ ตอนที่ ๓๒ ก หน้า ๑ – ๓

Retrieved from ,Retrieved 4 June, 2021

PKF Thailand

Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)

As the Personal Data Protection Act (PDPA) also applies to personal data collected prior to the PDPA’s entry into force, please be informed that AustCham Thailand will automatically keep your contact details including email address, name and last name, and company details, on our mailing list.

Your data was received by AustCham Thailand as a result from you either registering or attending an event, contacting our office or subscribing to regular updates via the website. However, if you would like to stop receiving emails AustCham Thailand and revoke your consent for AustCham to keep and use your data to contact you for chamber events and updates, please scroll down to the end of this email and click “Unsubscribe from this list”. Your personal data will be shortly deleted once the opt-out notice request is received.

Please note that your data is kept in AustCham’s CRM system, please see here for AustCham’s Terms of Use and Privacy Policy. AustCham uses a management software system from Wild Apricot, and emails are distributed through MailChimp.