PDPA is the General Data Protection Law in Thailand, The Personal Data Protection Act 2019.
The PDPA is privacy and general data protection law in Thailand similar to EU GDPR.
The PDPA applies to the collection, use, or disclosure of personal data in Thailand by organisations regardless of whether the collection, use or disclosure of personal data takes place in Thailand or not.
Like GDPR, the law applies to global organisations who have consumers and users in Thailand.
The PDPA requires that explicit consent be obtained for the collection of ‘personal data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the PDPC’.
The maximum penalty for non-compliance is a fine not exceeding THB 5 million (€149,000).
Yes. PDPA requires that explicit consent. You can use the build-in features of UniConsent CMP to collect and manage the consent and privacy preference to compliant with Thailand PDPA.