We use cookies, including third party cookies, to personalise and optimise your experience when exploring our website. For more detailed information about our cookies, please refer to cookies section in our privacy notice .
If you agree to the use of cookies, please click “Accept”. To manage your cookies settings, please click “Cookies Settings”.

Cookies Settings

Delayed Enforcement of the PDPA
September 2020
By Nat Boonjunwetvat, Punnapa Vorapanyasakul

The Personal Data Protection Act B.E. 2562 (A.D. 2019) (the “PDPA”) was published in the Royal Gazette on 27 May 2019 as the main legislation governing personal data protection in Thailand. Similar to the General Data Protection Regulation (GDPR), the PDPA imposes a number of significant obligations on persons involving in the process of collecting, using or disclosing personal data. In this regard, the primary elements of the PDPA regarding the protection of personal data were initially planned to take full effect on 27 May 2020, but have ultimately been delayed until 1 June 2021.

During this transitional period, data controllers (i.e. those who have the power and duties to make decisions regarding the collection, usage or disclosure of personal data) remain obliged to provide security measures for personal data in accordance with the Notification of Ministry of Digital Economy and Society regarding the Standards of Maintaining the Security of Personal Data B.E. 2563 (A.D. 2020) (the “Notification”) as follows:

  1. to inform its personnel, staffs, employees, workers or relevant persons of the security measures, as well as create awareness of personal data protection for such persons to strictly comply with; and
  2. the security measures shall comprise administrative, technical and physical safeguards regarding access control of personal data, which shall at least cover control over access to personal data and data processing equipment, authorisation or rights to access personal data, user access management, user responsibilities and examination of previous access, change, deletion or transfer of personal data.

In light of the above, the data controllers may possibly opt for other measures having standards which are not lower than those prescribed in the Notification.

This document is solely intended to provide an update on recent development in Thailand legislation and is not purported to provide a legal opinion, nor a legal advice to any person.

VAT on Foreign e-service
March 2021
With effect from 1 September 2021, Thailand will impose value-added tax (“VAT”) liability on foreign digital service providers with an aim to level the playing field between domestic and foreign online operators. Key takeaways from this notable change can be summarized as follows:
New Criteria on Interest Rates under the CCC
March 2021
On 9 March 2021, the Cabinet approved a Draft Amendment to the Thai Civil and Commercial Code (the “Draft Amendment”) which proposes changes in (i) an interest rate or default interest rate under the Thai Civil and Commercial Code where it is not expressedly determined in an agreement or in the laws and (ii) the method for default interest calculation.
Thailand Personal Data Protection
August 2020
In light of the ever-growing importance of data privacy, the Personal Data Protection Act B.E. 2562 (A.D. 2019) (the "PDPA") was published in the Royal Gazette on 27 May 2019 as the main legislation governing personal data protection in Thailand.