The Personal Data Protection Act (PDPA) is scheduled to go into effect on June 1, as authorities hope it will establish a clear standard for the protection of personal data and boost international confidence in local businesses.
The PDPA was published in the Royal Gazette in May 2019, with an adjustment period of one year for stakeholders. The full implementation of the law was then delayed twice due to the pandemic.
According to government officials, the PDPA, once implemented, is expected to alter the landscape of personal data protection in Thailand. The law mandates that data controllers and processors who use personal data must obtain consent from data owners and use the information only for specified purposes.
The PDPA imposes administrative fines of up to 5 million baht, criminal penalties of up to one year in prison and/or fines of up to 1 million baht, and punitive damages of up to twice the amount of actual damages for noncompliance.
Minister of Digital Economy and Society Chaiwut Thanakamanusorn stated that the PDPA is a fundamental law that will foster confidence in personal data protection in the country’s digital economy, as well as the rights of individuals to data ownership and usage.
Paiboon Amornpinyokiat, a member of the PDPC’s legal subcommittee, said that in the first year of the PDPA’s implementation, authorities will only issue warnings to violators and urge them to comply with the regulations. Increased efforts will also be made to educate the public and businesses about the law. (NNT)