What is the PDPA?
Thailand’s Personal Data Protection Act (PDPA) is Thailand’s first personal data protection legislation. It became effective on May 28th, 2019 with a one-year grace period before its main functions are enforced. The law contains similar provisions to those of the EU’s GDPR, such as extraterritorial affect for controllers targeting data subjects, a definition of personal data as relating to an identifiable natural person, a requirement for consent to process personal data, express consent for sensitive data, access rights for data subjects, prohibitions on the transfer of data with exceptions for consent and safeguards. Violations are subject to both civil and criminal sanctions.