Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Personal Data Protection Act B.E. 2562 (Thailand)
Thailand's PDPA is the country's first broad data protection law, enacted in 2019 and fully effective since June 1, 2022. Modeled after GDPR, it establishes consent requirements, data subject rights, data controller and processor obligations, cross-border transfer restrictions, and a Personal Data Protection Committee (PDPC) as the enforcement authority. Non-compliance can result in criminal penalties including imprisonment.
Quick Reference
Key Requirements
Section 19 (Lawful Basis)
Personal data collection requires consent or one of the specified legal bases: vital interests, contract performance, public interest, legitimate interest, or legal obligation
Section 37 (Data Protection Officer)
Data controllers and processors must appoint a Data Protection Officer when processing large volumes of data, sensitive data, or data as a core activity
Section 28 (Cross-border Transfer)
Personal data may only be transferred to countries with adequate data protection standards, or with individual consent, or under specified exceptions
How Does Thailand PDPA Affect Cybersecurity Careers?
Thailand's growing digital economy makes PDPA compliance relevant for organizations operating in Southeast Asia. GRC analysts managing APAC compliance programs must include Thailand alongside Singapore, Japan, and South Korea. The criminal penalties (including imprisonment) make PDPA compliance particularly serious for senior executives.
Cybersecurity Roles That Work With Thailand PDPA
Related Cybersecurity Certifications
Related Cybersecurity Laws
Read the full text of Thailand PDPA at the official source: https://www.pdpc.or.th/
Frequently Asked Questions
What is Thailand PDPA in cybersecurity?
Thailand's PDPA is the country's first broad data protection law, enacted in 2019 and fully effective since June 1, 2022. Modeled after GDPR, it establishes consent requirements, data subject rights, data controller and processor obligations, cross-border transfer restrictions, and a Personal Data Protection Committee (PDPC) as the enforcement authority. Non-compliance can result in criminal penalties including imprisonment.
How does Thailand PDPA affect cybersecurity careers?
Thailand's growing digital economy makes PDPA compliance relevant for organizations operating in Southeast Asia. GRC analysts managing APAC compliance programs must include Thailand alongside Singapore, Japan, and South Korea. The criminal penalties (including imprisonment) make PDPA compliance particularly serious for senior executives.
What are the penalties for Thailand PDPA non-compliance?
Administrative fines up to THB 5 million (approximately $140,000); criminal penalties including imprisonment up to 1 year and fines up to THB 1 million; punitive damages up to double the actual damages
Educational Information Only
This page provides general educational information about cybersecurity laws and regulations. It does not constitute legal advice, legal interpretation, or a substitute for professional legal counsel. Laws change frequently. Always consult a qualified attorney and verify current requirements directly from official government sources before making compliance decisions. DecipherU is not a law firm and does not provide legal services.
Sources
Explore Related Cybersecurity Resources
Was this page helpful?
Get cybersecurity career insights delivered weekly
Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.
Get Cybersecurity Career Intelligence
Weekly insights on threats, job trends, and career growth.
Unsubscribe anytime. More options