The Personal Data Protection Act (PDPA) B.E. 2562 (2019) is the data protection law that protects citizens’ (or data subjects) personal data and gives them their right to privacy. It establishes the appropriate security and safety standards for personal data protection. Additionally, the data will be used according to the consent that the owner of the personal information is permitted by law. The Personal Data Protection Act B.E. 2562 was published on May 27, 2019, in Thailand’s Government Gazette and became effective on June 1, 2022. 

PDPA or Personal Data Protection Act, B.E. 2562 (2019) will play a significant role in personal data protection as well as give the rights to personal data privacy. Furthermore, it also regulates the collection, use, disclosure, and/or transfer of personal data by businesses (data controllers or data processors) for commercial purposes. In case the data controller fails to comply with the legal requirements under the PDPA, there will be legal penalties consisting of civil penalties, criminal penalties, and administrative penalties. Therefore, everyone must acknowledge the Personal Data Protection Act and consider rights to their data, especially organizations, companies, stores, or platforms that have to collect personal data, including buyers, users, or employees who work in the organization.

Organizations and agencies will be moderately affected by the adoption of PDPA to standardize their data privacy policies and implement them for purposes based on the consent that the data subject has provided. Most importantly, it must be PDPA compliant. Therefore, the process of adopting PDPA in the organization is not an easy task to implement within a short time, especially for large organizations that have used and collected a large amount of personal data.

In conclusion, the primary goal of the Personal Data Protection Act (PDPA) is to protect personal data privacy and security. Additionally, to ensure that the personal data is appropriately used according to the actual needs and consent of the data subject. However, the data subject should carefully consider before giving personal data. For example, the data subject should consider the purpose and appropriation of the personal data provided. In case, the personal data requested is unrelated to the purpose. The data subject can refuse to provide the information to prevent misuse or exploitation. 

Mr.Chaiyos Sincharoenkul

President

The Thai Rubber Association