THAILAND Law and Practice Contributed by: Pranat Laohapairoj, Suphakorn Chueabunchai and Pitchaya Roongroajsataporn, Chandler Mori Hamada
Chandler Mori Hamada Limited 17th and 36th Floors Sathorn Square Office Tower 98 North Sathorn Road Silom Bangrak Bangkok 10500 Thailand Tel: +662 009 5000 Fax: +662 009 5080 Email: business-development@morihamada.com Web: www.chandler.morihamada.com 1. Legal and Regulatory Framework 1.1 Overview of Data and Privacy- Related Laws The Personal Data Protection Act BE 2562 (2019) (PDPA) is the primary law regulating the processing of personal data in Thailand. Similar to other jurisdictions, “personal data” in Thailand is defined as any data that, by itself or in com - bination with other data, can be traced back to an individual, excluding the data of deceased persons. The PDPA focuses on the protection of data subjects whose personal data is processed – including by collection, storage, use, disclo - sure, etc – regardless of the original source of such personal data. Entities that make decisions and process personal data (known as “Person - al Data Controllers” or “controllers” under the PDPA) are required to have a lawful basis for processing any personal data and to maintain proper security measures to prevent any loss, unauthorised access, use or disclosure of per - sonal data. These requirements also apply to
service providers who process personal data as instructed by or on behalf of a controller (known as “Personal Data Processors” or “processors” under the PDPA). The PDPA, which is mainly based on the General Data Protection Regulation (GDPR) of the Euro - pean Union (EU), has created obligations on the private sector and government (ie, both Personal Data Controllers and Personal Data Processors) regardless of the mode of processing (ie, both automated and non-automated processing), especially regarding burden of proof. The PDPA itself applies to most activities, with certain exemptions such as: • household activities; • the operation of public authority for public safety; and • media and fine arts activities that are in accordance with professional ethics. For businesses regulated by specific supervi - sory authorities (such as banks and insurance businesses), the PDPA allows those supervisory
459 CHAMBERS.COM
Powered by FlippingBook