Advance Blog

April 22, 2024

Thailand’s Regulations for Cross-Border Personal Data Transfer Come into Force

Two notifications on the cross-border transfer of personal data, issued by Thailand’s Personal Data Protection Committee (PDPC), came into effect on March 24, 2024. These notifications set out the criteria governing the cross-border transfer of personal data offshore, specifically focusing on situations where appropriate personal data protection standards are in place.

Of particular importance is the role of binding corporate rules (BCRs) in enabling the cross-border transfer of personal data among affiliated businesses or within the same group of undertakings. The implementation of BCRs requires a comprehensive review and approval process by the Office of the PDPC, strictly in accordance with the criteria set out in one of the two notifications.

With the notifications now fully enforceable, the Office of the PDPC has begun accepting BCRs for review. Data controllers and data processors intending to adopt BCRs as a means for transferring data to offshore affiliates or group companies must initiate the BCR submission process promptly. Failure to comply with PDPA requirements concerning the cross-border transfer of personal data could result in substantial penalties.

Organizations involved in cross-border personal data transfers should be proactive in complying with the prescribed criteria to avoid these regulatory penalties and maintain the data protection standards mandated by the PDPA.

For more information on these cross-border personal data transfer regulations, or on any aspect of complying with Thailand’s data protection laws, please contact Nopparat Lalitkomon at [email protected], Gvavalin Mahakunkitchareon at [email protected], or Wilin Somya at [email protected].

Nopparat Lalitkomon
Gvavalin Mahakunkitchareon
Wilin Somya

Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”)

As the Personal Data Protection Act (PDPA) also applies to personal data collected prior to the PDPA’s entry into force, please be informed that AustCham Thailand will automatically keep your contact details including email address, name and last name, and company details, on our mailing list.

Your data was received by AustCham Thailand as a result from you either registering or attending an event, contacting our office or subscribing to regular updates via the website. However, if you would like to stop receiving emails AustCham Thailand and revoke your consent for AustCham to keep and use your data to contact you for chamber events and updates, please scroll down to the end of this email and click “Unsubscribe from this list”. Your personal data will be shortly deleted once the opt-out notice request is received.

Please note that your data is kept in AustCham’s CRM system, please see here for AustCham’s Terms of Use and Privacy Policy. AustCham uses a management software system from Wild Apricot, and emails are distributed through MailChimp.