PDPA: General Data Protection in Thailand

The Personal Data Protection Act 2019 (PDPA) is the general data protection law in Thailand.



What is PDPA?

PDPA is the General Data Protection Law in Thailand, The Personal Data Protection Act 2019.

The PDPA is privacy and general data protection law in Thailand similar to EU GDPR.

Who does the PDPA apply to?

The PDPA applies to the collection, use, or disclosure of personal data in Thailand by organisations regardless of whether the collection, use or disclosure of personal data takes place in Thailand or not.

Like GDPR, the law applies to global organisations who have consumers and users in Thailand.

The PDPA requires that explicit consent be obtained for the collection of ‘personal data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner, as prescribed by the PDPC’.

  • The consent must be given freely
  • The user must be informed about the purpose of collection and processing of data
  • The request must be clear, in plain language, non-deceptive, and non-misleading

The Personal Data Protection Act (PDPA) Timeline

  • May 27, 2021: Enforcement of The Personal Data Protection Act 2019

The Personal Data Protection Act (PDPA) fines

The maximum penalty for non-compliance is a fine not exceeding THB 5 million (€149,000).

Yes. PDPA requires that explicit consent. You can use the build-in features of UniConsent CMP to collect and manage the consent and privacy preference to compliant with Thailand PDPA.

Trusted by 1000s of global publishers and marketers

Get started to make your website compliant for EU GDPR, US CCPA.

Sign up