What is Thailand’s new data protection law?
Over the past couple of years, the proliferation of data protection laws has accelerated around the world and Thailand is no exception. The country’s first law on personal data protection, having been postponed twice since 2019 due to COVID-19, finally came into force on June 1st – despite the private sector making last-minute efforts to delay its implementation for another two years. Whether you’re a business that handles personal data or an individual who is concerned, this Pacific Prime Thailand article gets you up to speed on the Personal Data Protection Act (PDPA) of 2019.
PDPA protects individuals and their personal data
Coming into force in 2016, the GDPR served as inspiration for many regional variations – including the PDPA in Thailand. The PDPA aims to guarantee protection for data owners, and to set guidelines that require businesses and state agencies to obtain permission from data owners when it comes to collecting, processing, using, and disclosing their personal information. In addition to entities located in Thailand, the PDPA also applies to data controllers and processors overseas if they process the personal data of individuals in Thailand.
As Stephen James Helwig, interim chief corporate affairs officer for Total Access Communications (DTAC), Thailand’s third-biggest mobile operator said in a Bangkok Post article:
“The enforcement of the PDPA on June 1 marks a milestone for privacy protection and data security for customers in Thailand”
Personal data under the PDPR
Personal data is defined as any data that can either directly or indirectly identify an individual, which includes their name, address, email address, phone number, ID number, or any other information relating to a person’s identity. In addition, sensitive personal data is also given further protection in the PDPA and includes data related to:
- Health data (including biometric and genetic data)
- Gender, sexual orientation, and any disabilities
- Race, ethnic origin, and religion
- Trade union information and political opinions
Businesses caught off guard by the PDPA
In a survey conducted by the Thai Board of Trade and the University of the Thai Chamber of Commerce, only 8% of almost 4,000 businesses surveyed have taken measures to be fully compliant with the law, while 31% indicated that they have not even started the process of compliance. These businesses that are caught off guard by the PDPA will need to focus on and prioritize their PDPA readiness to avoid potential lawsuits that arise from non-compliance*.
*Businesses should note that any violations to the PDPA can result in fines of up to THB 5,000,000 or imprisonment of up to one year.
Get in touch with a PDPA compliance brokerage like Pacific Prime Thailand!
Businesses in Thailand not only need to ensure that they’re PDPA compliant, but should also ensure that any third-party provider such as health insurance or employee benefits provider they work with is as well. Enter Pacific Prime Thailand, a global health insurance brokerage and employee benefits specialist that is fully compliant with the PDPA and other data protection laws around the world. With over two decades of experience in the sector, we have what it takes to help businesses design, implement, administer, and optimize their employee benefits plans to meet their organizational goals.
To learn more about what Pacific Prime Thailand can do for you, you’re more than welcome to get in touch with a member of our corporate team today!
Outside of work, Suphanida enjoys traveling to new places and immersing herself in different cultures.
Latest posts by Suphanida (see all)
- COVID-19: Thailand makes face masks voluntary - June 28, 2022
- What is Thailand’s new data protection law? - June 14, 2022
- ‘Long COVID-19’: Why and how employers ought to support employees - May 31, 2022