Jutharat Anuktanakul
TEL +66-2-009-5000 Ext. 3324
Pranat Laohapairoj
TEL +66-2-009-5000 Ext. 3324
Chotiwut Sukpradub
TEL +66-2-009-5000 Ext. 3103
Kiratika Poonsombudlert
TEL +66-2-009-5000 Ext. 3321
Chandler MHM Limited
36th Floor, Sathorn Square Office Tower
98 North Sathorn Road Silom, Bangrak, Bangkok 10500

The Personal Data Protection Act, B.E. 2562 (2019) (“PDPA”) has been effective since May 28, 2019. However, most of its provisions were not due to become effective until one year thereafter, ie May 27, 2020. The PDPA, which adopts many of the same concepts as the European Union’s General Data Protection Regulation (“GDPR”) and other international standards, aims to protect the personal data of a natural person in three main areas ie (i) how the data is acquired; (ii) rights of the data subject; and (iii) security of data storage systems and data transfers.

However, it was announced on May 19, 2020 that the cabinet has approved a draft Royal Decree (“RD”) proposing to postpone the enforcement of the PDPA for another year for 22 business industries. The postponement is effective from May 27, 2020 until May 31, 2021.

According to the Cabinet resolution, the reasons for this postponement are varied including the lack of readiness on the part of operators to comply with the PDPA, the need to use advanced technology that many operators are not equipped for, and the fact that the PDPA entails numerous requirements that need to be studied and understood thoroughly for effective implementation. Therefore, the Cabinet deemed that another one-year transition period should be granted.

According to the summary of the Cabinet resolution, the draft of the RD prescribes that Chapter 2 (Personal Data Protection), Chapter 3 (Use or Disclosure of Personal Data), Chapter 5 (Filing of Complaints), Chapter 6 (Civil Liability), Chapter 7 (Punishment) and Section 951 of the PDPA will not be enforced against the following organisations and businesses:

  1. governmental agencies;
  2. foreign governmental agencies and international organisations;
  3. foundations, associations, religious organisations; non-profit organisations;
  4. businesses relating to agriculture;
  5. businesses relating to industry;
  6. businesses relating to commerce;
  7. businesses relating to medicine and public health;
  8. businesses relating to energy, steam, water and waste disposal and related businesses;
  9. businesses relating to construction;
  10. businesses relating to repairs and maintenance;
  11. businesses relating to transportation, logistics and goods storage;
  12. businesses relating to tourism;
  13. businesses relating to communications, telecommunications, computers and digital;
  14. businesses relating to finance, banking and insurance;
  15. businesses relating to real estate;
  16. professional occupations;
  17. businesses relating to management and supporting services;
  18. businesses relating to science and technology, academia, social administration and arts;
  19. businesses relating to education;
  20. businesses relating to entertainment and recreation;
  21. businesses relating to security service; and
  22. household businesses and community enterprises which cannot be clearly categorised.

If it is uncertain whether an organisation or a business qualifies as an exempt business, the Personal Data Protection Commission will be empowered to determine this.

It should be noted, however, that according to the said summary, data controllers are still required to provide data security measures that are in accordance with the standard described by the Ministry of Digital Economy and Society. However, as of the date of this newsletter, such standard has not been prescribed yet.

This newsletter only provides a brief analysis. Please contact the authors if you require further information on the issues raised in this publication or related issues.




1. Section 1 95 “For the personal data collected by the personal data controller before the date the PDPA comes into force, the personal data controller can further collect and use such personal data according to the existing purpose, provided that the personal data controller shall set up a method for consent revocation and disseminate and publicise the same to the personal data owners who do not allow the personal data controller to collect and use the said personal data to ensure that they can easily give a notice of consent revocation. The disclosure and other arrangements which are not related to the collection and use of the personal data under paragraph one shall be in compliance with the PDPA.”

This newsletter is intended to highlight an overview of key issues for ease of understanding, and not for the provision of legal advice. If you have any questions about this newsletter, please contact your regular contact persons at Mori Hamada & Matsumoto or Chandler MHM Limited. If you should have any inquiries about the newsletter, or would like more information about Chandler MHM Limited, please contact

Related Articles by Firm
New regulation on the prohibition of sales of alcoholic beverages online
In line with evolving trends in technology, certain entrepreneurs and retailers have started using online channels to sell alcoholic beverages, which makes it difficult to ensure the sale of such beverages is in accordance with existing laws ...
Nok Air Rehabilitation Proceedings – Updates for Creditors and Lessors
As the global travel industry continues to grapple with the effects of COVID-19, many companies are now beginning to seek protections under various insolvency regimes ...
Procurement of power from community-based power projects
These projects are intended to help generate and distribute income to local communities and promote their participation in local power projects.
Updated standards for e-meeting security
The Emergency Decree requires that electronic meetings follow the security protocols set forth under a notification from the Ministry of Information and Communication Technology.
Waste to energy projects in Thailand
A brief overview of the legal issues related to the development of a municipal solid waste to energy project.
Scrutinising CP Group’s acquisition of Tesco
The decision of Thailand’s competition authorities will set a precedent regarding merger control and provide clarity on market definitions.
PPP projects in Thailand’s EEC
Thailand will continue to aggressively move forward with legislation that streamlines implementation of important PPP projects. This legislative trend presents new opportunities for foreign and local investors alike, with a focus particularly in Thailand’s infrastructure sector ...
Community-based power projects in Thailand
A feed-in tariff scheme for power generated by community-based projects has been approved.
Thailand Plus incentives under BOI
The two new incentives encourage companies to move from overseas to Thailand.
Thailand’s OTCC issues first industry-specific conduct guidelines
Guidelines on the conduct between wholesale and retail business operators and their trade partners announced by the Office of Trade Competition Commission.
Amendment to the Consumer Protection Act 
The Act strengthens the law relating to the safety of products and services.
Personal Data Protection Act published in the Government Gazette
Business operators should ensure that their businesses comply with the PDPA.
Amendment to Thai Arbitration Act
The Amendment expands the ability of foreign arbitrators and representatives to act in arbitral proceedings.
Update on Stamp Duty regulating electronic transactions
A new notification requires parties who enter certain electronic transactions to pay stamp duty in cash.
Ministerial Regulation removing back office services from the Foreign Business Operations Act announced
Certain back office service businesses will no longer require a foreign business licence.
Developments in Thai M&A
Corrupt practices, environmental breaches and merger filing are becoming more significant priorities for clients ...
Thailand: Projects and Energy
Commentary on the latest developments in the Thai projects and energy sector ...
Secondary laws under the Trade Competition Act BE 2560
The enactment of these five Notifications represents a significant leap of progress.
Thailand Update: Amendment to Work Permit Law
In response to criticism, the government decided to amend the Emergency Decree on Managing of Foreigners with relaxed penalties ...
Leasing of residential buildings − A contract-controlled business
The Contract Committee of The Consumer Protection Board recently announced a new Notification which designates the lease of residential property as a “contract-controlled business”.
New Mining Regulations for Thailand
On 30th January 2018, the Ministry of Industry issued a new notification regarding prohibited actions for foreigners ...
Mergers and acquisitions in Thailand
A number of factors are making Thailand a target of choice for international and regional investment ...
Thailand Anti-Corruption Update
National Anti-Corruption Commission Guidelines to Supplement Section 123/5 of the Organic Act on Counter Corruption ...
Amendment to the Thai Civil and Commercial Code
Part IX: Combination of Limited Companies ...
Thailand: Amendment to the Public Company Act
The National Council for Peace and Order has considered the lack of clarity on conditions, procedures and time limitations related to the laws governing business operations ...
Thailand: The Act on the Amendment to the Civil Procedure Code (No. 30) B.E. 2560 (2017)
There are a number of amendments to the current Civil Procedure Code (CPC) as part of its legal execution ...
Projects & Energy Special Report: Thailand: New Minerals Act
A new Minerals Act (BE 2560 (2017) was published on March 2, 2017 and took effect on August 30, 2017 (180 days after the publication date) ...
Thailand: ERC Announcement - Purchase of Electricity From Hybrid-Renewable Energy Small Power Producers
The Energy Regulatory Commission (ERC) issued an invitation to bid for the sale of electricity from Hybrid-Renewable Energy Small Power Producers (SPP) on 4 August 2017 ...
Thailand: New Amendment to the Labor Law
The Labor Protection Act B.E. 2541 (“LPA”) was first enacted in February 1998; the LPA has been amended several times ...
Thailand: Extension of the Reduced VAT Rate
Value added tax (VAT) is an indirect, non-cumulative, consumption tax levied on the supply of goods or provision of services in Thailand ...
Thailand: Ten year visa extension
Due to the rapidly increasing number of foreign senior-citizens seeking Thailand as a retirement destination, Thailand’s Cabinet recently approved the ten-year retirement visa extension ...
Thailand: The New Trade Competition Act
On 24 March 2017, the National Legislative Assembly (the “NLA”) in Thailand passed the final reading of the draft Trade Competition Act ...
Thailand: Amendment to BOI Act to create new BOI benefits
The Thai government has recently been promoting “Thailand 4.0”, which refers to creative and innovative industries ... as a master plan to pull Thailand out of the middle-income trap and toward becoming a high-income country ...
Energising Thailand’s M&A sector
With a focus on the energy and natural resources sector, Chandler & Thong-ek Partner Ratana Poonsombudlert answers our questions on Thailand’s M&A present and future
Related Articles
Related Articles by Jurisdiction
Thailand Plus incentives under BOI
The two new incentives encourage companies to move from overseas to Thailand.
Latest Articles