Press enter to see results or esc to cancel.

What is Thailand’s new data protection law?

Over the past couple of years, the proliferation of data protection laws has accelerated around the world and Thailand is no exception. The country’s first law on personal data protection, having been postponed twice since 2019 due to COVID-19, finally came into force on June 1st – despite the private sector making last-minute efforts to delay its implementation for another two years. Whether you’re a business that handles personal data or an individual who is concerned, this Pacific Prime Thailand article gets you up to speed on the Personal Data Protection Act (PDPA) of 2019.

Corporate insurance banner

PDPA protects individuals and their personal data 

Coming into force in 2016, the GDPR served as inspiration for many regional variations – including the PDPA in Thailand. The PDPA aims to guarantee protection for data owners, and to set guidelines that require businesses and state agencies to obtain permission from data owners when it comes to collecting, processing, using, and disclosing their personal information. In addition to entities located in Thailand, the PDPA also applies to data controllers and processors overseas if they process the personal data of individuals in Thailand. 

As Stephen James Helwig, interim chief corporate affairs officer for Total Access Communications (DTAC), Thailand’s third-biggest mobile operator said in a Bangkok Post article:

“The enforcement of the PDPA on June 1 marks a milestone for privacy protection and data security for customers in Thailand”

Personal data under the PDPR 

Personal data is defined as any data that can either directly or indirectly identify an individual, which includes their name, address, email address, phone number, ID number, or any other information relating to a person’s identity. In addition, sensitive personal data is also given further protection in the PDPA and includes data related to:

  • Health data (including biometric and genetic data)
  • Gender, sexual orientation, and any disabilities
  • Race, ethnic origin, and religion
  • Trade union information and political opinions

Businesses caught off guard by the PDPA 

In a survey conducted by the Thai Board of Trade and the University of the Thai Chamber of Commerce, only 8% of almost 4,000 businesses surveyed have taken measures to be fully compliant with the law, while 31% indicated that they have not even started the process of compliance. These businesses that are caught off guard by the PDPA will need to focus on and prioritize their PDPA readiness to avoid potential lawsuits that arise from non-compliance*. 

*Businesses should note that any violations to the PDPA can result in fines of up to THB 5,000,000 or imprisonment of up to one year.

Get in touch with a PDPA compliance brokerage like Pacific Prime Thailand!

Businesses in Thailand not only need to ensure that they’re PDPA compliant, but should also ensure that any third-party provider such as health insurance or employee benefits provider they work with is as well. Enter Pacific Prime Thailand, a global health insurance brokerage and employee benefits specialist that is fully compliant with the PDPA and other data protection laws around the world. With over two decades of experience in the sector, we have what it takes to help businesses design, implement, administer, and optimize their employee benefits plans to meet their organizational goals. 

To learn more about what Pacific Prime Thailand can do for you, you’re more than welcome to get in touch with a member of our corporate team today!

Corporate Insurance CTA Banner


Content Creator at Pacific Prime Thailand
Suphanida aims to demystify the world of insurance by creating informative and engaging content. As a wordsmith, she spends the majority of her day writing and editing website content, blog posts, in-depth guides, and more.

Outside of work, Suphanida enjoys traveling to new places and immersing herself in different cultures.