Legal Update - 21 JUNE 2019
THAILAND FINALLY ENACTED ITS PERSONAL DATA PROTECTION ACT
Telephone: +66 2 676 6667
On 27 May 2019, the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) was finally published in the Government Gazette after it was presented to the King for His Royal Signature. Therefore, the PDPA has been in effect since 28 May 2019 except for provisions under Chapters 2, 3, 5, 6 and 7, and Sections 95 and 96, which are the operative provisions. These operative provisions will come into force after a grace period of one year from the publication date, i.e. 27 May 2020. This PDPA is Thailand’s very first consolidated law governing data protection in general.
The key provisions of the PDPA are as follows:
For business operators, since the grace period for compliance with the operative provisions is only one year, business operators should be well prepared and raise awareness among their employees and staff. There are some recommendations: business operators should conduct a review and analysis of data they are currently possessing in order to understand such data, and then segregate personal data; identify levels of compliance with the PDPA; review privacy policies, agreements and any other rules and practices; arrange training for their employees and staff; assess risks of possible violation of the PDPA involved in each activity; put some measures in place to effectively detect, report and investigate a violation of the PDPA, as well as designate an in-house data protection team. These preparations, in some ways, can assure that personal data in their possession will be properly collected, maintained and processed.
However, the actual implementation of the PDPA is yet to occur. However, it will be accompanied by subordinate legislation and a procedural framework later this year.
Further developments will be monitored and updated.
This article is prepared by Paramee Kerativitayanan and Metas Sansuk. (21 June 2019)
SCL Law Group