Thailand: Entry into force with grace period of Personal Data Protection Act (PDPA) including data transfer provisions

Entry into force with grace period of Personal Data Protection Act (PDPA) including data transfer provisions

On 27 May 2019, the Personal Data Protection Act (PDPA) is published in the Thai Official Gazette. Data controllers and processors must keep records of their personal data processing activities, including key information such as the controller's details, processing purposes, collected data, access rights, retention periods, and security measures, and if a foreign entity, must designate a local representative in Thailand to perform these duties.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cross-border data transfer regulation

Regulated Economic Activity

cross-cutting

Implementation Level

national

Government Branch

legislature

Government Body

parliament

Complete timeline of this policy change

Hide details

2019-05-27

adopted

On 27 May 2019, the Personal Data Protection Act (PDPA) is published in the Thai Official Gazette. …

2020-05-21

adopted

The Thai Cabinet of Parliament approved a Royal Decree establishing that personal data controllers …

2021-05-08

adopted

On 8 May 2021, a decree postponing the implementation of the Personal Data Protection Act was publi…

2022-06-01

in force

On 1 June 2022, the Personal Data Protection Act (PDPA) will enter into force. The PDPA establishes…

Description

Entry into force with grace period of Personal Data Protection Act (PDPA) including data transfer provisions

Scope

Complete timeline of this policy change