On 5 May 2021, the Cabinet approved postponing the full enforcement of the Thai Personal Data Protection Act (PDPA) for one further year due to the recent and severe outbreak of COVID 19 in Thailand. This was the second time the Act has been postponed.
Pending the issuance of a new law to confirm the postponement, most provisions of the PDPA will become effective on 1 June 2022.
Business operators should still prepare themselves well to comply with the PDPA when it does eventually come into force. This is because Thailand cannot easily backtrack on the eventual passing of the PDPA, which has been influenced by the European General Data Protection Regulation (GDPR), and in the future COVID 19 may no longer provide sufficient reason for any further postponement.
However, the second postponement does give each business operator a good chance to review their PDPA compliance and minimize any significant liability risk due to PDPA violations (punishments can be accumulated for each of violation occurrence).
Those who have tried to prepare for PDPA compliance before might have faced the following key challenges:
We welcome any opportunity to discuss the relevance of the above for your business.
KPMG Thailand’s Legal Services Team offers a wide range of practical legal solutions. For more information, please visit Legal services.