The Personal Data Protection Act B.E. 2562 (2019) sets out the requirements for personal data protection that businesses established in Thailand, and foreign businesses carrying out commercial activities in Thailand, must comply with. To help clients mitigate PDPA compliance risks, we provide strategic legal advice on PDPA readiness, implementation documentation, and ongoing compliance support. We also provide emergency legal support and advice on incident responses (internal, external and regulatory) following personal data breach events.
We regularly assist clients in relation to the full spectrum of data privacy matters:
- Conducting PDPA compliance review based on the client’s data processing activities and documentation, identifying gaps against PDPA requirements, and providing practical recommendations together with an implementation roadmap tailored to the client’s operations.
- Preparing PDPA implementation documents, including Privacy Policies, Cookies Policies, consent documentation, and forms/procedures for handling data subject requests, aligned with the client’s data processing practices.
- Drafting and reviewing data protection terms in vendor and commercial arrangements, including data processing agreements and controller–processor clauses.
- Delivering tailored training for management and operational teams to support PDPA implementation and day-to-day compliance.
- Advising on cross-border transfers of personal data, including intra-group transfers and use of overseas service providers or cloud platforms, assessing the legal basis and safeguards required under PDPA, and providing practical steps and documentation to support transfers.
- Advising on PDPA governance, including allocation of internal roles and responsibilities (controller/processor), and DPO considerations, and providing support in the preparation of incident response procedures and breach readiness materials