Personal Data Security Standards B.E. 2563

On 24th June 2020, the Ministry of Digital Economy and Society (“MDES”) issued its Notification on Personal Data Security Standards B.E. 2563 (A.D. 2020) (“Notification”) effective from 18th July 2020 to 31st May 2021.

The Notification defines the “personal data security” as the maintenance of  the confidentiality, integrity and availability of the personal data for preventing any loss of the personal data and any unauthorized access, use, modification, alteration or disclosure of the personal data.

The Notification requires each data controller to notify its personal, staff, employees or related persons of its personal data security measures and to promote their awareness of the importance of the personal data.

The data controller must also provide personal data protection measures which should consist of the administrative, technical and physical safeguards for the purposes of personal data access control consisting of at least the followings:-

(1)   the access control for the personal data and the data storage and processing devices;

(2)   the authorization or rights to access the personal data;

(3)   the user access management measure to limit the personal data access to only the authorized persons;

(4)   the user responsibilities control to prevent an unauthorized access, disclosure, knowing or copying of the personal data and stealing of data storage and processing devices; and

(5)   the tracking system to trace the access, alteration, deletion, or transfer of personal data;

The data controller can choose to use personal security standards which are different from the standards required under the Notification provided that such standards consist of personal data security measures not lower than those specified under the Notification.

To see the archive of our past newsletters and articles please click here.


The information provided in this document is general in nature and may not apply to any specific situation. Specific advice should be sought before taking any action based on the information provided. Under no circumstances shall LawPlus Ltd. and LawPlus Myanmar Ltd. or any of their directors, partners and lawyers be liable for any direct or indirect, incidental or consequential loss or damage that results from the use of or the reliance upon the information contained in this document. Copyright © 2016 to 2020 LawPlus Ltd.