top of page
  • Writer's pictureAdmin

Summary of PDPA laws that Entrepreneurs Should Know 企業家應該知道的個人資料保護法摘要

Personal Data Protection Act (“PDPA”) is a law that aims to preserve personal information in order to prevent malicious people from infringing personal information and intimidating or seeking benefits either from the owner of the data himself or from the person in charge of the data. The Personal Data Protection Act B.E.2562 (2019) came into force on May 1, 2020 but only in some categories. Due to the impact of the Covid-19, the original enforcement has been postponed to May 31, 2021, and has been officially announced on June 1, 2022.

《個人資料保護法》(“PDPA”)是一項旨在保護個人資訊、防止惡意人員侵犯個人資訊,用於恐嚇或向數據所有者或數據負責人謀取利益的法律。佛曆2562年(2019)《個人資料保護法》於 2020 年 5 月 1 日生效,但僅限於某些類別。受Covid-19的影響,原執行時間推遲到2021年5月31日,並已於2022年6月1日正式宣布。

Ø Penalties for non-compliance with PDPA

未遵守 PDPA 的處罰

The Data subject should consider carefully before providing his/her personal information each time to prevent the personal data from being used in unlawful ways. In addition, data controller must know the extent of access to the customer's personal information. A company should have a system to control or to verify the identity of access of information, and it is necessary to set corporate policies for those who are responsible for keeping or accessing customer personal information to comply with PDPA. Failure to comply with PDPA will be considered an offense under the following laws:


· Civil penalties: for actual damages and may be subject to additional compensation up to a maximum of 2 times the actual damages;


· Criminal penalties: imprisonment for a maximum of 1 year or a fine of not more than 1 million baht, or both;


· Administrative penalties: a maximum fine of not more than 5 million baht;


Ø Who will be deemed to be involved in personal data?


Private and Government (individuals or juristic persons), including juristic persons established in foreign countries which collect, use, disclose and /or transfer the personal information of persons in Thailand, which can be divided into 4 parts as follows:


· Data Subject is the owner of the information;


· Data Controller is an individual or juristic person who has the authority to make “decisions” regarding the collection, use, or disclosure of personal data;


· Data Processor is an individual or juristic person that processes the collection, use, or disclosure of personal data. “According to the order or on behalf of the Personal Data Controller”, the person or legal entity doing so must not be a controller of personal data;


· Data Protection Officer is an officer of a government agency to check whether the operator has complied with the PDPA or not;


Ø How can organizations use information legally?


For information that the company can use for various marketing activities that does not violate PDPA, it must be information that the owner of the information has already given consent to or be allowed to use it. Such information is prohibited from obtaining from other sources without the consent or permission of the data subject. The permission to use information from the data owner can be either being requested in written or online data collection, provided that the content about permission must be easy to read and understand clearly.[1]

公司可用於各種營銷活動且未違反PDPA的資訊,必須是資訊所有者同意或允許使用的資訊。 未經當事人同意或許可,嚴禁從其他來源獲取此資訊。向當事人請求使用資訊的許可,可以通過書面或線上資訊收集,前提是許可的內容必須易於閱讀和清楚地理解。

Ø The exceptions to which the Company can disclose personal information of customers are as follows:[2]


1. Obtain consent of the owner of the personal data;


2. Prepare historical documents or archives for the public benefit research studies or statistical preparation;


3. Prevent or suppress danger to life, body, or health of a person;


4. Necessary to perform a law or contract;


5. Necessary for the legitimate interests of the personal data controller or of another person;


6. Necessary for the public interest and the performance of duties in the exercise of state power;


The existence of the Personal Data Protection Act B.E.2562 (2019) is to protect the right for the unauthorized use of personal data and to prevent exploitation from the misuse of the information. The data owner or the data controller should know the details of PDPA. This Act is intended for the benefit and security of personal information for businesses to be more respectful of the use of customer information in order to prevent misuse or exploitation of customer's personal information.


[1] Section 19 of the Personal Data Protection Act B.E. 2562. [2] Section 24 of the Personal Data Protection Act B.E. 2562.

#personaldataprotection #PDPA #personaldataprotectioninthailand #personaldataprotectionact #thaicourt #civillawsuit #criminallawsuit #個人資料保護 #泰國個人資料保護 #個人資料保護法 #泰國法院 #民事訴訟 #刑事訴訟 #泰國中文律師 #IBC法律金融會計事務所 #泰國律師 #泰國法律事務所 #泰國律師事務所 #泰國會計 #泰國審計 #泰國會計事務所 #泰國審計事務所 #法律顧問 #泰國會計師 #泰國華人律師事務所 #thaiaccountant #thailawyer #thailaw #泰國稅務 #IBCFirm #ThaiLawFirm #ThaiAccountingFirm #thaiauditfirm

34 views0 comments

Recent Posts

See All

外國投資人如在泰國開展外國人公司業務需要申請外商營業執照,可通過三種方式取得執照 1. 從事第二類或第三類活動。或 2. 公司每項業務的最低資本為 1 億泰銖,公司可以在沒有執照的情況下營業,但是公司必須在開業之前通知國外商業部。 3. 公司須向國外商業部委員會提交申請函。

bottom of page