Thailand: Implemented Personal Data Protection Act (PDPA) including data protection authority governance

On 1 June 2022, the Personal Data Protection Act (PDPA) will enter into force. The PDPA introduces the "Personal Data Protection Committee" as the main regulator for data protection, and is delegated to determine measures and sanctions concerning PDPA compliance and establish guidelines for personal data controllers and processors. The PDPA establishes the main legal bases to process personal data (consent, contract, public interest, legitimate interest of data controller). The Personal Data Protection Committee shall be established within 90 days from the adoption of the law and must start enforcing the PDPA within one year from the law promulgation.