Display mode (Doesn't show in master page preview)

24 May 2022

Econ Digest

Countdown to the PDPA… On June 1, 2022, the Personal Data Protection Act comes into force. What businesses are exempted?


        The countdown to the Personal Data Protection Act (PDPA) will come into force on June 1, 2022,. All units and large institutions have attached great importance to and are prepared to comply with enforcement to reduce litigation disputes, build a good image, and establish trust with service users. However, the operational guidelines set forth in the law may be difficult to implement for small businesses and non-profit organizations. Therefore, the law provides exemptions from the need to compile records of personal data processing activities, but small businesses and non-profit organizations still have responsibilities to protect personal data from disclosure and infringement.
        All businesses that obtain personal data from customers or users are governed by the Personal Data Protection Act. Any enterprise that leaks personal data or violates personal data rights will be fined, depending on the specific circumstances, and those responsible persons will be held criminally liable or even imprisoned.
At present, the Thai Personal Data Protection Commission is extensively receiving comments on the “Notice on the Exemption of Small Enterprises from the Requirements to Compile Records of Personal Data Processing Activities (draft)”, which stipulates that small enterprises and six types of non-profit organizations are not required to compile consent forms for collecting personal data of customers. This will help free up other follow-up processes such as not having to provide access to personal data subjects’ rights of use (correction/deletion/transmission of data) and not having to compile records of personal data processing activities for inspection by competent authorities.

        However, not all small businesses are exempted from compiling records of personal data processing activities. The main exempted businesses include: involved only for occasional services involving personal data, there is no risk that may affect the rights and freedoms of personal data subjects, and not engaged in the Internet Access service business and computer data storage service business, for example as follows:

        However, in the event of a data breach or violation of the rights of personal data subjects, no business can shirk their responsibilities. In this regard, please follow the minimum operating guidelines for the safekeeping of personal data to be published by the Personal Data Protection Commission.

Source:   Personal Data Protection Commission Notice on the Record Exemption for Small Business Personal Data
             Controllers (…Year) (Draft)
             Announcement of the Personal Data Protection Commission on Compiling a Record of Personal Data
             Processing Activities, Obtaining Consent from Personal Data Subjects for Access to Personal Data, and
             Notification of Personal Data Infringement (Draft)
             Announcement of the Personal Data Protection Commission on Security Standards for the Processing of
             Personal Data (Draft)

        The Personal Data Protection Act covers a wide range of protection on the rights of personal data subjects of all enterprises in Thailand and abroad. Therefore, there is still a lack of clarity in some aspects in the early stage of implementation, but its legislative intent to protect personal data is clear and provides for measures to provide compensation to a subject whose personal data has been infringed.

Source: https://www.mdes.go.th/mission/82

Scan QR Code

QR Code


This research paper is published for general public. It is made up of various sources. Trustworthy, but the company can not authenticate. reliability The information may be changed at any time without prior notice. Data users need to be careful about the use of information. The Company will not be liable to any user or person for any damages arising from such use. The information in this report does not constitute an offer. Or advice on business decisions Anyhow.

Econ Digest