Samata Masagee, Komson Suntheeraporn, Nahsinee Luengrattanakorn, and Thawalkorn Pattanachote of DLA Piper write:
The Personal Data Protection Act B.E. 2562 (2019) (PDPA) came into effect since 28 May 2019 with most provisions scheduled to take full effect on 27 May 2020. Previously, the enforcement of the PDPA for 22 types of businesses listed here1 has been postponed to 31 May 2021.
On 5 May 2021, the Cabinet has approved a draft royal decree proposing to postpone the enforcement of the PDPA for another year, making the PDPA fully enforceable from 1 June 2022 onwards. The Ministry of Digital Economy and Society (MDES) has requested for a second postponement after the PDPA was expected to be in force this upcoming June, citing the impact of the COVID-19 pandemic on organisations in Thailand. More specifically, the MDES recognised that it would be too onerous for organisations in the private sector (especially SMEs) and public sector to comply with the requirements under the PDPA, on top of dealing with the current COVID-19 situation in Thailand.
Read more on Privacy Matters.