Personal Data Protection Act in Thailand B.E.2562 (2019)
The main reason for the promulgation of this Act is the prolific violations of privacy rights regarding personal information. Additionally, the advancement of technology made the collection, use or disclosure of personal information easier and quicker, causing damage to the overall economy. Hence, it is just appropriate to have a law on personal data protection to establish rules, mechanisms and regulatory measures.
Below are three important topics under this Act;
- Data collector must clarify the data to be collected and must obtain permission from the data owner to be able to use and access the owner’s information.
- The data collector must keep the information confidential.
- The data owner can revoke the data collector’s right to access his/her personal data. Data owner can also request to delete or destroy data according to his/her needs at any given time.
In the future, the Office of the Personal Information Protection Commission will issue regulations and guidelines of cyber security for organizations that use personal information. Therefore, organizations are expected to adapt and develop cyber security policies to international standards in order to be certified according to ISO 27001 or ISO 29100.
The Personal Data Protection Act in Thailand will be effective on 27 May 2020.