Thailand: Postponement of Personal Data Protection Act (PDPA) Enforcement

Effective on May 9, 2021, the Royal Thai Government Gazette has published the official postponement of the enforcement of Thailand Personal Data Protection Act B.E. 2562 (2019) (PDPA) to June 1, 2022.

Thailand’s PDPA was originally scheduled to come into effect on June 1, 2021. The PDPA is considered as the first local law designed to govern data protection in the digital age.  It is comparable to the European General Data Protection Regulation (GDRP). Key aspects of the PDPA include: data processing, data collection, data storage, and data consent protocols.

The PDPA has created multiple challenges for both local businesses and foreign businesses alike. Seeing the enforcement challenges with the ongoing COVID-19 crisis, the PDPA has been postponed for one additional year.

With this being said, businesses are still required to comply with the Data Protection Standard as prescribed by MDES. The standard includes such regulations as:

  • Implementation of adequate data access and storage protocols;
  • Assignment of user access management and responsibilities to prevent unauthorized access;
  • Implementation of data logs including data deletion log, data transfer log, and data amendment log.

In conclusion, businesses are given one additional year to implement adequate data protection protocols. As such, it is encouraged that proper understanding and preparation be made ready before the PDPA comes into full effect on June 1, 2022.

As this is not an official announcement in the Royal Thai Government Gazette at this time, we will keep you posted on the development as the information becomes available. Should you require further assistance please contact: law@ilct.co.th.