The 2019 Personal Data Protection Act (the “PDPA”) is the first personal data protection law generally applicable to most private sectors in Thailand. The PDPA was issued on, and has been in force since, 27 May 2019. Most of its provisions were planned to become effective on 27 May 2020. However, due to the COVID-19 outbreak, a Royal Decree was issued on 21 May 2020 suspending enforcement until 31 May 2021. Since the PDPA addresses security measures in treatment of personal data, we analyze what likely would have happened had the PDPA been in effect at the time of a recent data breach case in Thailand.
Contents
Handling of Data Breach under Thai PDPA (Jun Katsube、Chanakarn Boonyasith、Pitchabsorn Whangruammit)
- It is also available in PDF.
-
Corporate Crisis Management Newsletter / Asia Newsletter (August 31, 2020) (853 KB / 5 pages)
Download PDF [854 KB]
Jun is a partner in our corporate crisis management practice, who handles domestic and overseas corporate crisis management matters, including conducting internal investigations, responding to relevant authorities and stock exchanges, the media, handling labor disputes, representing companies in relevant legal proceedings in relation to various corporate misconduct matters, such as quality falsification issues by manufacturing companies, financial fraud issues, etc. Jun has experience as a member of an investigation committee on corporate misconduct. Jun was previously seconded to a global trading company, and he has extensive experience in handling cross-border corporate crisis management matters and establishing global compliance programs. Jun is also a partner in our energy and natural resources practice, where he mainly advises utility companies, including providing advice on domestic and overseas investments, contracts, regulations, and disputes in relation to energy and natural resources.