All
Select Category
Rules on Deletion, Destruction or Anonymization of Personal Data

The Personal Data Protection Committee (PDPC) of Thailand has issued the PDPC Notification on Criteria for Deletion, Destruction or Anonymization of Personal Data B.E. 2567 (2024) dated 31st July 2024 (“Notification”).  The Notification was published in the Royal Gazette on 13th August 2024.  It will become effective on and from 11th November 2024.  We summarized… Read More

News / 21 Aug 2024

PDPC Rules on Personal Data Cross-Border Transfer from Thailand to Affiliates Abroad

On 12th December 2023, the Personal Data Protection Committee (PDPC) issued the Notification on Criteria for Protecting Personal Data Sent or Transferred Abroad under Section 29 of the Personal Data Protection Act B.E. 2562.  This notification was published in the Royal Gazette on 25th December 2023 and it will become effective on and from 24th… Read More

News / 05 Feb 2024

PDPC Rules on Personal Data Cross-Border Transfer from Thailand to Recipient Without Adequate Personal Data Protection Standards

On 12th December 2023, the Personal Data Protection Committee (PDPC) issued the Notification on Criteria for Protecting Personal Data Sent or Transferred Abroad under Section 28 of the Personal Data Protection Act B.E. 2562.  This notification was published in the Royal Gazette on 25th December 2023 and it will become effective on and from 24th… Read More

News / 01 Feb 2024

Regulation on Appointment Data Protection Officer (DPO) Comes into Force

The Notification of the Personal Data Protection Committee (PDPC) Re: Appointment of Data Protection Officers dated 31th August 2023 comes into force on and from 13th December 2023.  Some businesses who are data controllers or data processors (DC/DP) must appointment of a DPO.  Below are some frequently asked questions about the DPO with our answers…. Read More

News / 07 Dec 2023

Data Breach: What Can a Data Controller Do in Thailand?

The Personal Data Protection Act B.E. 2562 (A.D. 2019) of Thailand (PDPA) requires data controllers to notify the Personal Data Protection Committee (PDPC) and the data subjects if a data breach has occurred.  The PDPC Notification on Criteria and Procedures for Notifying Personal Data Breach B.E. 2565 (A.D. 2022) sets out the criteria and procedures… Read More

News / 30 Nov 2023

Thailand Notification on Appointment of Data Protection Officer (DPO)

Under Section 41(2) of the Personal Data Protection Act B.E. 2562 (PDPA), the data controller and the data processor must appoint a DPO if they carry out activities for collection, use or disclosure (processing) of personal data that require regular monitoring of personal data or systems and a large scale of personal data. The Personal… Read More

News / 30 Sep 2023