thailand-pdpa
Installation
SKILL.md
Thailand PDPA Compliance
Overview
Thailand's Personal Data Protection Act B.E. 2562 (PDPA), published in the Royal Gazette on 27 May 2019, became fully effective on 1 June 2022 after two postponements from the original 2020 effective date. The PDPA applies to the collection, use, and disclosure of personal data by data controllers and data processors in Thailand, and extraterritorially where activities target data subjects in Thailand (Section 5).
The Personal Data Protection Committee (PDPC, คณะกรรมการคุ้มครองข้อมูลส่วนบุคคล) is the supervisory authority established under Section 8. The Office of the Personal Data Protection Committee (OPDPC) serves as the operational secretariat.
Lawful Bases for Processing (Section 24)
| Basis | Section | Detail |
|---|---|---|
| Consent | Section 19 | Explicit consent; freely given, specific, informed; written or electronic; may be withdrawn at any time |
| Contract performance | Section 24(3) | Necessary for performance of a contract to which the data subject is a party |
| Vital interests | Section 24(4) | Necessary to prevent or suppress danger to life, body, or health |
| Public task | Section 24(4) | Necessary for public interest tasks or exercise of official authority |
| Legitimate interest | Section 24(5) | Legitimate interests of the controller or third party, balanced against data subject's fundamental rights |
| Legal obligation | Section 24(6) | Compliance with a law to which the controller is subject |
| Archiving/research | Section 24(1) | Necessary for archiving, research, or statistics in the public interest with appropriate safeguards |
Related skills