After numerous delays the Thailand Personal Data Protection Act (PDPA) has officially come into effect as of today (1st June). Any and all businesses that handle personal data in one way or another are now required to implement additional measures or alter the way in which they interact with customers, business partners and employees.

Some of the key steps that will need to be taken involve updating or issuing a new privacy policy; providing data subjects with consent forms where necessary; recording all processing activities; enter into data processing agreements with relevant third parties and business partners; implementing robust security measures to prevent and deal with data breaches; and appointing a Data Protection Officer.

To fully comply with the PDPA, companies will need every department to play their part to ensure that all necessary procedures are fully implemented and adhered to going forward. To aid this, there will be more guidance and requirements to come in the shape of sub-regulations and guidelines, which will be announced by the Personal Data Protection Committee in due course. For more information please access our latest client alert, Finally, Thailand’s PDPA comes into full effect from 1 June 2022.

Author

Dhiraphol Suwanprateep is a partner in Baker McKenzie's Bangkok office, where he is head of the Data and Technology Practice Group and co-head of the Intellectual Property Practice Group.

Author

Nont is a partner in Baker McKenzie Bangkok's Intellectual Property and Technology practice group. He assisted multinational and local clients in various industries on regulatory issues and preparation for compliance with Thai data protection and privacy laws. He is a Certified Information Privacy Professional Europe (CIPP/E) by the International Association of Privacy Professionals (IAPP).

Author

Dharin is a trainee in Baker McKenzie's Bangkok office.