But what does it mean for business? The PDPA has drawn many elements from the European Union’s GDPR but from a Thai perspective. If your company has already adjusted for compliance with the GDPR it is a good starting point but there are differences and compliance with the GDPR does not mean you are in compliance in Thailand.
It affects both onshore and offshore entities with very few exceptions so anyone doing business in or with Thai nationals and residents needs to examine their data protection policies for compliance.
It is important to note that the act includes both criminal and administrative penalties including both actual and punitive damages – the Act has teeth so operators need to ensure they are in compliance.