Skip to main content
  • Corporate Crisis Management
Read in Japanese

Handling of Data Breach under Thai PDPA

The 2019 Personal Data Protection Act (the “PDPA”) is the first personal data protection law generally applicable to most private sectors in Thailand. The PDPA was issued on, and has been in force since, 27 May 2019. Most of its provisions were planned to become effective on 27 May 2020. However, due to the COVID-19 outbreak, a Royal Decree was issued on 21 May 2020 suspending enforcement until 31 May 2021. Since the PDPA addresses security measures in treatment of personal data, we analyze what likely would have happened had the PDPA been in effect at the time of a recent data breach case in Thailand.

Contents

Handling of Data Breach under Thai PDPA (Jun KatsubeChanakarn BoonyasithPitchabsorn Whangruammit)

This article is also available in Japanese.

It is also available in PDF.
Corporate Crisis Management Newsletter / Asia Newsletter (August 31, 2020) (853 KB / 5 pages) Download PDF [854 KB]

Authors

勝部 純

Jun is a partner in our corporate crisis management practice, who handles domestic and overseas corporate crisis management matters, including conducting internal investigations, responding to relevant authorities and stock exchanges, the media, handling labor disputes, representing companies in relevant legal proceedings in relation to various corporate misconduct matters, such as quality falsification issues by manufacturing companies, financial fraud issues, etc. Jun has experience as a member of an investigation committee on corporate misconduct. Jun was previously seconded to a global trading company, and he has extensive experience in handling cross-border corporate crisis management matters and establishing global compliance programs. Jun is also a partner in our energy and natural resources practice, where he mainly advises utility companies, including providing advice on domestic and overseas investments, contracts, regulations, and disputes in relation to energy and natural resources.

チャナカーン・ブーンヤシット

Chanakarn has particular in-depth expertise in the practical side of the legislative system of labour & employment law and personal data protection law. For the Labour & Employment practice, she engages in both advisory work and litigation, as well as drafting and reviewing legal documents, negotiating settlements, interviewing employees (particularly those accused of wrongdoing), managing whistleblowing hotlines and processes, providing trainings and various types of employment law advice, and representing clients in numerous court cases and in hearings before the labour authorities. For the Personal Data Protection practice, she assists her clients through the entire process, from providing training, analysing how clients handle personal data transactions, summarising clients’ data flow, providing legal advice, and drafting necessary legal documents for her clients. Chanakarn’s strategy is to provide detailed, accurate advice and flexible solutions, adapted to meet her clients’ needs. She excels in simplifying complex matters and equipping her clients to make the right decisions. She receives consistently strong feedback from her clients regarding the quality of her work. She has been ranked for labour and employment practice in Chambers Asia Pacific 2022 and 2023.