Thailand Establishes Personal Data Protection Commission

Thailand has completed the establishment of the Personal Data Protection Commission (PDPC), the regulator under the country’s Personal Data Protection Act B.E. 2562 (PDPA), strongly indicating that the planned full enforcement of the PDPA on June 1, 2022, is likely to proceed as scheduled.

The establishment of the PDPC was finalized on January 18, 2022, when the Announcement of the Prime Minister’s Office on the Appointment of Chairperson and Honorary Members of the PDPC was published in the Government Gazette.

As stipulated in the PDPA, the PDPC consists of:

• The chairperson, appointed based on knowledge, skills, and experience;
• The vice-chairperson, who is the permanent secretary of the Ministry of Digital Economy and Society;
• Five commission members, designated based on their positions in certain government agencies (as prescribed under the PDPA); and
• Nine honorary commission members appointed based on knowledge, skills, and experience in personal data protection, consumer protection, technology and telecommunication, social science, law, health, finance, or other relevant fields.

As the vice-chairperson and the five commission members are appointed to the PDPC based on their positions, the January 18 announcement appointing the chairperson and the nine honorary commission members completes the formation of the PDPC.

The full enforcement of the PDPA has been previously postponed, and many businesses had expressed concern that another extension would be forthcoming before the current enforcement date. However, the successful establishment of the PDPC is a fundamental prerequisite to enforcement and indicates that the effective date of the PDPA on June 1, 2022, is unlikely to be further postponed. In addition, the PDPA’s draft subordinate regulations that were the subject of a series of public hearings last year are likely to be issued in the near future.

Companies and other organizations that are not yet compliant with the PDPA should now assess their current practices for handling and processing personal data in order to ensure that any compliance gaps can be closed or minimized before the full enforcement date.

By Nopparat Lalitkomon, Gvavalin Mahakunkitchareon & Thammapas Chanpanich, Tilleke & Gibbins, Thailand, a Transatlantic Law International affiliated firm. 

For further information or for any assistance please contact thailand@transatlanticlaw.com

Disclaimer: Transatlantic Law International Limited is a UK registered limited liability company providing international business and legal solutions through its own resources and the expertise of over 105 affiliated independent law firms in over 95 countries worldwide. This article is for background information only and provided in the context of the applicable law when published and does not constitute legal advice and cannot be relied on as such for any matter. Legal advice may be provided subject to the retention of Transatlantic Law International Limited’s services and its governing terms and conditions of service. Transatlantic Law International Limited, based at 42 Brook Street, London W1K 5DB, United Kingdom, is registered with Companies House, Reg Nr. 361484, with its registered address at 83 Cambridge Street, London SW1V 4PS, United Kingdom.