posted 1 year ago
The Personal Data Protection Committee (PDPC) of Thailand has taken a significant step in enforcing the Personal Data Protection Act B.E. 2562 (2019) (PDPA) by issuing its first administrative sanction. This action marks a turning point in the implementation of data protection regulations in the country, particularly in light of ongoing concerns about personal data breaches and their exploitation by criminal entities such as call center scam operations.
The PDPC, in a press conference held on 21 August 2024, announced that it had imposed administrative fines of 7,000,000 baht on a large private corporation following a personal data breach incident. The company, which handles the personal data of over 100,000 individuals, was found to violate several key provisions of the PDPA.
The violations cited by the PDPC include:
The PDPC stated that it had imposed the maximum administrative penalties due to the scale of the data breach and the company’s lack of response following an initial warning. Additionally, the company has been ordered to implement remedial measures for affected data subjects.
This case is particularly noteworthy as it represents the first instance of the PDPC taking strong enforcement action since the PDPA came into full effect in 2022. It serves as a clear signal to both private and public sector organizations that compliance with data protection regulations is now being strictly monitored and enforced.
The PDPC also outlined its strategy for ongoing enforcement and compliance promotion. This includes the establishment of an offensive mechanism, termed “PDPA Eagle Eye,” which actively monitors for PDPA violations across both private and public sectors. Complementing this is a defensive mechanism, the PDPA Center, designed to provide advice, raise awareness, and receive complaints from affected individuals.
The Committee emphasized the importance of public participation in reporting suspected or known personal data breaches, underlining that data protection is a shared responsibility across society.
This landmark case may have further legal implications, as it opens the possibility for affected individuals to pursue class action lawsuits against the company in question. It also sets a precedent for future enforcement actions and underscores the PDPC’s commitment to safeguarding personal data in Thailand.
As organizations operating in Thailand process this development, it is clear that ensuring robust data protection measures and full compliance with the PDPA has become more critical than ever. The PDPC’s actions demonstrate that the era of strict enforcement of data protection laws in Thailand has begun in earnest.
Key Takeaways:
Stay informed with the latest legal developments at Global Law Experts
Author
Find the right Legal Expert for your business
Sign up for the latest legal briefings and news within Global Law Experts’ community, as well as a whole host of features, editorial and conference updates direct to your email inbox.
Naturally you can unsubscribe at any time.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Global Law Experts is dedicated to providing exceptional legal services to clients around the world. With a vast network of highly skilled and experienced lawyers, we are committed to delivering innovative and tailored solutions to meet the diverse needs of our clients in various jurisdictions.
Send welcome message
