skip to Main Content


The Personal Data Protection Act (PDPA), came into force on May 27th, 2020. Much like GDPR, individuals in Thailand have the right to control how their personal data is collected, stored and disseminated. The act protects the privacy of individuals and manages personal data collected by organisations and companies, while individuals have the right to know which organisations have their data, give consent for their data to be used and shared.

The act also mirrors the GDPR’s extraterritorial applicability, and applies to data controllers and data processors outside of Thailand if they process personal data of data subjects, offer goods and services to, or monitor behaviour of the data subjects within Thailand.

Fines are a maximum penalty of approximately €149,000. However, there is the possibility of imprisonment depending on the offence of up to 1 year.

For updates on changes in legislation
Sign Up for Vox updates on PDPA

Follow the Legislative updates by clicking on the link to the the PDPA updates website