Handling of Data Breach under Thai PDPACorporate Crisis Management Newsletter
The 2019 Personal Data Protection Act (the “PDPA”) is the first personal data protection law generally applicable to most private sectors in Thailand. The PDPA was issued on, and has been in force since, 27 May 2019. Most of its provisions were planned to become effective on 27 May 2020. However, due to the COVID-19 outbreak, a Royal Decree was issued on 21 May 2020 suspending enforcement until 31 May 2021. Since the PDPA addresses security measures in treatment of personal data, we analyze what likely would have happened had the PDPA been in effect at the time of a recent data breach case in Thailand.