Enforcement of the Personal Data Protection Act (PDPA)

The Personal Data Protection Act (PDPA), B.E. 2562 (2019) aims to encourage the government sector and private sector to use personal information safely and in accordance with international standards.

PDPA determines the duties of government agencies and private organizations as a Data Controller or Data Processor and protects the rights of the people known as a Data Subject, in order to maintain the legitimate balance between organization’s use of personal data and people’s privacy rights.

However, complex arrangements and advanced technology are required to efficiently implement this law. With such challenge together with the extensive impact from global pandemic COVID-19, the Personal Data Protection Act has been postponed the enforcement two times. And it makes the Data Controller and Data Processor question whether the PDPA will be postponed again?

From February to September 2021, the Ministry of Digital Economy and Society and Chula Unisearch of Chulalongkorn University jointly organized the public hearing seminar for preparation of the Subordinate Regulations under the Personal Data Protection Act via online meeting. This considered an important reminder to all organization which encourages them as Data Controllers or Data Processors to start preparing and making arrangement for the compliance of the Personal Data Protection Act which will become effective on June 1, 2022.

Author: Booadtharmarkorn C., Legal Technology Counselor.