Greetings, everyone, it's me again!

Following the previous article about GDPR, the data protection law in Europe, we now move on to Thailand's version, which is:


PDPA (Personal Data Protection Act)

This act was approved recently, on 28 February 2019. It covers data privacy and protection, similar to GDPR, but there are some differences.

2 Roles of the process

  1. Data controller
    As in GDPR, they define what data is handled and how it is managed, utilized, and disclosed.
  2. Data processor
    Those who work under the rules set by data controllers.

There is no data owner defined in PDPA. Also, the definition of “personal data” has been clarified further by excluding the deceased.

Area of Effect of PDPA

It applies to:

  • All data collection, use, and disclosure in Thailand
  • Offering goods and services to customers in Thailand, regardless of payment
  • Data surveillance for transactions in Thailand

Consent alignments

Under PDPA, consent:

  • needs acknowledgement from customers
  • must be intuitive
  • must not lead to misunderstanding
  • can be invalidated by customers at any time

Exceptions of enforcement

However, PDPA has some exceptions, such as the following:

  • Data collection for the benefit of oneself and one's family
  • Government organizations that are in charge of governmental security, government financial security, citizen security, and cyber security
  • Mass media, the arts, and literature, in line with their professional ethics
  • House of Representatives, Senate, and Congress
  • Process of judgement
  • Process of credit check

Yeah, that is PDPA, the personal data protection law of Thailand. Whether we are in Europe, Thailand, or other countries, we need to follow their laws and regulations in our data collection process.

This is the last part of the Data4.0 scenario, but don’t worry, please stay tuned for what’s next!