Delayed Enforcement of the PDPA

THANATHIP & PARTNERS

We use cookies, including third party cookies, to personalise and optimise your experience when exploring our website. For more detailed information about our cookies, please refer to cookies section in our privacy notice .
If you agree to the use of cookies, please click “Accept”. To manage your cookies settings, please click “Cookies Settings”.

	Cookies Settings
	Necessary cookies These cookies are essential for the operation of our website. Without these cookies, our website cannot function properly and you may not be able to browse the website effectively. You may change your browser settings to disable these cookies, but it may affect your access or use of the website.
	Analytics cookies These cookies collect information about visitor to our website, particularly with regard to data relating to user’s device, browser, IP address and browsing behavior. This enables us to measure user interactions and volume and nature of traffic to our website in order to improve the performance of our website, as well as record and resolve any difficulties that you may have from the use of our website. In this connection, we use Google Analytics services provided by [Google LLC and its affiliates] for this purpose.

September 2020

By Nat Boonjunwetvat, Punnapa Vorapanyasakul

The Personal Data Protection Act B.E. 2562 (A.D. 2019) (the “PDPA”) was published in the Royal Gazette on 27 May 2019 as the main legislation governing personal data protection in Thailand. Similar to the General Data Protection Regulation (GDPR), the PDPA imposes a number of significant obligations on persons involving in the process of collecting, using or disclosing personal data. In this regard, the primary elements of the PDPA regarding the protection of personal data were initially planned to take full effect on 27 May 2020, but have ultimately been delayed until 1 June 2021.

During this transitional period, data controllers (i.e. those who have the power and duties to make decisions regarding the collection, usage or disclosure of personal data) remain obliged to provide security measures for personal data in accordance with the Notification of Ministry of Digital Economy and Society regarding the Standards of Maintaining the Security of Personal Data B.E. 2563 (A.D. 2020) (the “Notification”) as follows:

to inform its personnel, staffs, employees, workers or relevant persons of the security measures, as well as create awareness of personal data protection for such persons to strictly comply with; and
the security measures shall comprise administrative, technical and physical safeguards regarding access control of personal data, which shall at least cover control over access to personal data and data processing equipment, authorisation or rights to access personal data, user access management, user responsibilities and examination of previous access, change, deletion or transfer of personal data.

In light of the above, the data controllers may possibly opt for other measures having standards which are not lower than those prescribed in the Notification.

This document is solely intended to provide an update on recent development in Thailand legislation and is not purported to provide a legal opinion, nor a legal advice to any person.

Implementation of Partnership and Company Registration via DBD Biz Regist

March 2025

Following the implementation of the regulation governing online registration of partnerships and limited companies, the Department of Business Development (the “DBD”) has officially launched the new digital registration system called the DBD Biz Regist on 16 January 2025. As part of the transition towards having the DBD Biz Regist as the sole business registration channel in Thailand by 1 July 2025, the DBD has discontinued its online pre-reservation system for business registration since 3 February 2025 to encourage the use of the DBD Biz Regist instead of a physical system which has long been in use.

New BOI Scheme for Startups

February 2025

On 15 July 2024, the Thailand Board of Investment ("BOI") unveiled a funding scheme under the Competitiveness Enhancement Policy Committee for Target Industries (the “Committee”) (Announcement No. 2/2567 ), aimed at accelerating the growth of high-potential startups. This newly introduced framework supersedes the previous program established under Announcement No. 2/2564 and its subsequent amendment.

Thailand’s Financial Hub Act: Key Provisions and Objectives

February 2025

The Thai Cabinet has recently approved the draft Financial Hub Act (the “Act”), with the aim to establish Thailand as a global hub for financial industries, attracting foreign investment and enhancing employment opportunities for the Thai labour force.