What do SMEs need to know about Thailand’s PDPA regime?

Key takeaways

  • Thailand’s PDPA regime was enacted to protect the data of individuals.
  • Most, if not all, SMEs are required to comply with the laws set out in the PDPA.
  • Major fines and penalties can be implemented failure to comply with the PDPA.

Thailand’s approach to data protection

Tabled in 2019 before coming into effect in 2021, Thailand’s Personal Data Protection Act, B.E. 2562 (A.D. 2019) (PDPA) is the country’s answer to the European Union’s General Data Protection Regulation (GDPR).

As data privacy and protection become ever more important to SMEs, it is essential that all businesses, big and small, have a succinct understanding of how the law will impact their operations and how to remain compliant with the regulations.

Overview of the PDPA

In this short article, we will try to summarise some of they key elements of the PDPA that SMEs should be aware of.

Complying with the PDPA

With a couple of notable exceptions, the PDPA applies to legal entities that collect, utilise or disclose a natural person’s personal data.

Most, if not all, businesses will be required to abide by the laws of the PDPA.

Obligations under the PDPA

As a controller of personal data, SMEs are required by law not to collect, use or disclose personal data without the express consent of the data subject.

To be able to utilise data from a customer, it is essential that the request for consent is gained in a written statement or via electronic means.

Security requirements under the PDPA

As cyber-attacks, including ransomware attacks, become more commonplace, it is imperative that you ensure the safety of your data.

The PDPA mandates that companies are under the requirement to have suitable security measures in place to protect the personal data of data subjects.

Requirements for data breaches

In the event of a data breach, the company must inform Thailand’s Personal Data Protection Commission (PDPC) within 72 hours of said breach.

Penalties for non-compliance with the PDPA

As government bodies take a more stringent approach to the protection of data, it is essential that companies take the necessary actions to ensure they remain compliant with the PDPA.

A breach of the PDPA can result in a company facing civil penalties and criminal liability. Failure to adhere to the regulations of the PDPA can result in fines of THB 5m and/or a jail term of not exceeding one year. However, this depends on the severity of the data breach and the type of violation.

What does this mean for my business?

To ensure SMEs can remain compliant with the PDPA, we suggest the following:

  • Conduct a thorough analysis of the requirements of the PDPA to ensure constant compliance.
  • Develop a stringent internal framework for dealing with the requests of data subjects.
  • Ensure that all employees are aware of their obligations when handling personal data.

How can WSR International help you?

As this article was an introduction to some of the very basic principles of the PDPA, we suggest that companies take a more detailed look at the various requirements under the law, as there are numerous elements to be considered.

With business and legal experts located in both Bangkok and Phuket, WSR International are perfectly situated to assist you to get to grips with the PDPA.

If you would like to discuss the contents of this article in further detail, please do not hesitate to reach out to the business and legal experts at WSR International.

𝗖𝗼𝗻𝘁𝗮𝗰𝘁 𝘂𝘀:
WSR International Co., Ltd.
Chartered Square Unit 16-05, 152 North Sathorn, Khwaeng Silom, Khet Bang Rak, Bangkok 10500 VAT Registration no: 0905565001881
Phone: +66 92 616 4423
Email: info@wsrlawgroup.com

Facebook
Twitter
LinkedIn
Pinterest
电子邮件
zh_CN
保密且无义务

免费法律咨询

In English, Chinese, Russian and Thai.

我们在这里为您提供 30 分钟的免费咨询。 我们的律师将:

  • 提供初步建议
  • 对您的问题进行评估
  • 帮助您决定下一步该做什么以达到理想的结果

You can also reach out to us through the chat button here on our site which connects directly to our Facebook Messenger account.

Have more questions?

If you have more questions after our first consultation, we are happy to assist you further. Our consultation rates are as follows:

First consultationFREE
Subsequent consultations5,000 THB / hour