Advance Blog

May 23, 2024

Thailand Releases Master Plan for Personal Data Protection

Thailand Releases Master Plan for Personal Data Protection

On April 29, 2024, Thailand’s Office of the Personal Data Protection Committee (PDPC) issued the master plan for personal data protection, which outlines the PDPC’s strategies for developing and enhancing the data protection framework in Thailand from 2024 to 2027. A draft of this four-year plan had previously been released for a public hearing on November 27, 2023.


The master plan sets out the long-term direction for the protection of personal data in Thailand, analyzing the current landscape, challenges, and obstacles encountered since the full enactment of the Personal Data Protection Act B.E. 2562 (2019) (PDPA). It aims to align with Thailand’s National Security Policy and Plan for 2024–2027 and focuses on key sectors in its initial two years. These sectors are:

  • Public security and key government services;
  • Retail and e-commerce;
  • Information and communication technology and telecommunications;
  • Finance, investment, and insurance;
  • Public health;
  • Tourism; and
  • Education.


The master plan’s goals include increasing organizational compliance with the PDPA, reducing data breaches, updating the PDPA to reflect current circumstances, introducing various PDPC e-services, and enhancing Thailand’s global competitiveness in data privacy and personal data protection. It sets targets and indicators of the plan’s success, such as achieving a 100% PDPA compliance rate across all sectors in Thailand and raising Thailand’s digital competitiveness to at least 30th in the World Digital Competitiveness Rankings from the IMD World Competitiveness Center.

Strategic Initiatives

To achieve these objectives, the master plan introduces four strategic initiatives:

  • Effective and balanced PDPA enforcement: Develop standards, principles, criteria, tools, indicators, and data privacy governance, including law enhancements. A recent example of this is the PDPC’s launch of the Personal Data Protection Surveillance Centre (PDPC Eagle Eye) to monitor data breaches.
  • Knowledge and trust enhancement: Build human capacity and trust by enhancing knowledge through initiatives like the forthcoming data protection officer (DPO) course that is certified by the PDPC.
  • Digital economy and society promotion: Enhance collaboration across the private and public sectors, both domestically and internationally, to increase personal data protection capabilities and create a sustainable regulatory network.
  • R&D and technology adoption: Support research and technology adoption to enhance competitive capabilities, including implementation of a data protection sandbox and the hosting of an international data protection summit.

The recently released master plan not only provides systematic strategies for the PDPC but also shows the PDPC’s proactive approach to data protection. Private entities can ensure their compliance with the PDPA by upholding the required data privacy standards and staying alert for upcoming moves from the PDPC.

For more information on the PDPC’s master plan, or on any aspect of personal data protection in Thailand, please contact Tilleke & Gibbins’ data privacy team at [email protected], [email protected], or [email protected].

Nopparat Lalitkomon
Rada Lamsam
Wilin Somya

Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)

As the Personal Data Protection Act (PDPA) also applies to personal data collected prior to the PDPA’s entry into force, please be informed that AustCham Thailand will automatically keep your contact details including email address, name and last name, and company details, on our mailing list.

Your data was received by AustCham Thailand as a result from you either registering or attending an event, contacting our office or subscribing to regular updates via the website. However, if you would like to stop receiving emails AustCham Thailand and revoke your consent for AustCham to keep and use your data to contact you for chamber events and updates, please scroll down to the end of this email and click “Unsubscribe from this list”. Your personal data will be shortly deleted once the opt-out notice request is received.

Please note that your data is kept in AustCham’s CRM system, please see here for AustCham’s Terms of Use and Privacy Policy. AustCham uses a management software system from Wild Apricot, and emails are distributed through MailChimp.