TAX AND LEGAL
The Thailand Personal Data Protection Act – and What It Means for Business
On 28 February, the National Legislative Assembly approved the Personal Data Protection Act (“PDPA”). The Act is aimed at regulating the lawful collection, use, or disclosure of personal data that can directly or indirectly identify a natural person – but does not apply to the data of a deceased person. This Act also provides a framework how to process the personal data. The PDPA, which in many ways resembles a similar initiative in Europe (the General Data Protection Regulation, known as GDPR), requires a data controller (a natural person or a legal person), who has the authority to decide to collect, use, or disclose the personal data, to follow guidelines in an effort to protect each data owner.