Thailand’s Personal Data Protection Act Enters into Force

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into drive after three years of delays. The PDPA, initially enacted in Could 2019, offers for a one-year grace interval, with the principle operative provisions of the legislation initially set to return into drive in 2020. Because of the COVID-19 pandemic, nonetheless, the Thai authorities issued royal decrees to increase the compliance deadline to June 1, 2022. 

The PDPA mirrors the EU Normal Data Protection Regulation (“GDPR”) in lots of respects. Particularly, it requires knowledge controllers and processors to have a legitimate authorized foundation for processing private knowledge (i.e., knowledge that may establish residing pure individuals straight or not directly). If such private knowledge is delicate private knowledge (corresponding to well being knowledge, biometric knowledge, race, faith, sexual choice and felony report), knowledge controllers and processors should make sure that knowledge topics give specific consent for any assortment, use or disclosure of such knowledge. Exemptions are granted for public curiosity, contractual obligations, important curiosity or compliance with the legislation.

The PDPA applies each to entities in Thailand and overseas that course of private knowledge for the supply of services or products in Thailand. Just like the GDPR, knowledge topics are assured rights, together with the suitable to be told, entry, rectify and replace knowledge; prohibit and object to processing; and the suitable to knowledge erasure and portability. Breaches might lead to fines between THB500,000 (U.S.$14,432) and THB5 million, plus punitive compensation. Sure breaches involving delicate private knowledge and illegal disclosure additionally carry felony penalties together with imprisonment of as much as one yr.  

Source link