Data Protection & Privacy

Data Protection & Privacy

Translating regulatory complexity into operational clarity
Data

The Personal Data Protection Act B.E. 2562 (2019) sets out the requirements for personal data protection that businesses established in Thailand, and foreign businesses carrying out commercial activities in Thailand, must comply with. To help clients mitigate PDPA compliance risks, we provide strategic legal advice on PDPA readiness, implementation documentation, and ongoing compliance support.  We also provide emergency legal support and advice on incident responses (internal, external and regulatory) following personal data breach events.

We regularly assist clients in relation to the full spectrum of data privacy matters:

  • Conducting PDPA compliance review based on the client’s data processing activities and documentation, identifying gaps against PDPA requirements, and providing practical recommendations together with an implementation roadmap tailored to the client’s operations.
  • Preparing PDPA implementation documents, including Privacy Policies, Cookies Policies, consent documentation, and forms/procedures for handling data subject requests, aligned with the client’s data processing practices. 
  • Drafting and reviewing data protection terms in vendor and commercial arrangements, including data processing agreements and controller–processor clauses. 
  • Delivering tailored training for management and operational teams to support PDPA implementation and day-to-day compliance. 
  • Advising on cross-border transfers of personal data, including intra-group transfers and use of overseas service providers or cloud platforms, assessing the legal basis and safeguards required under PDPA, and providing practical steps and documentation to support transfers.
  • Advising on PDPA governance, including allocation of internal roles and responsibilities (controller/processor), and DPO considerations, and providing support in the preparation of incident response procedures and breach readiness materials

Our Recent Work

01
Conducting tailored personal data protection training programmes for a range of well-known clients across multiple industries, including food manufacturing, automotive, logistics, and media.
02
Conducting PDPA compliance audits and supported end-to-end implementation by preparing comprehensive documentation packages, including privacy notices/policies, consent documentation, records of processing activities, and data processing agreements, for clients in sectors such as professional services, automotive, real estate development, direct sale, and international schools.
03
Advising clients on data protection and privacy compliance matters in connection with IPO readiness, including review and preparation of relevant PDPA-facing documentation and recommendations to address identified compliance gaps.
04
Providing ongoing advisory support to international schools on PDPA implementation, including drafting and updating key notices, consents, and internal procedures aligned with operational practices.
05
Advising a broad range of clients on practical implementation issues under PDPA, including liaising and coordinating with the Office of the Personal Data Protection Committee (PDPC).
06
Advising a state enterprise on the implications of the EU General Data Protection Regulation (GDPR), including its application, compliance considerations, and related operational impacts.

Our Lawyers

Connect with
Our Legal Experts

12 06 2026 1

Data Protection & Privacy


Sign Up for Legal & Regulatory Insights

Want to Contact Data Protection & Privacy?

Please provide your message in the contact form below.
Location Siam Premier

Data Protection & Privacy