Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
EU - Thailand: GDPR v. PDPA
In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and Personal Data Protection Act, B.E. 2562 (2019) (PDPA).
The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the PDPA with the GDPR.
You can access the latest version of the report here.
What is the PDPA?
The PDPA is the first consolidated legislation providing general data protection within Thailand and entered into effect on June 1, 2022. The introduces obligations for data controllers and data processors including lawful grounds for data collection, use, and disclosure, restrictions on data transfers to foreign countries, and requirements for breach notification, as well as rights for data subjects.
Key highlights
The PDPA and the GDPR share some similarities, as follows:
- both have similar provisions regarding the scope and responsibilities of data controllers and data processors;
- provide limitations and exceptions for the cross-border transfer of personal data to a third country or international organization;
- require controllers and processors to keep records of their processing activities; and
- require a legal basis for the processing of personal data.
However, despite their similarities, the PDPA and the GDPR also differ in certain respects, including:
- the PDPA doesn't provide a definition of pseudonymized data;
- in terms of penalties, the amounts differ significantly and the PDPA outlines both criminal and non-criminal penalties; and
- both laws have several differences regarding the implementation of the right of access.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
