PDPA Compliance

Pandectes GDPR Compliance helpsย  Shopify Stores comply with the Personal Data Protection Act (PDPA) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with PDPA.

PDPA Compliance
The #1 cookie consent app for Shopify, trusted by 80k stores

What is PDPA?

The Thailand Personal Data Protection Act (PDPA) is a data protection law in Thailand. It aims to protect the personal data of individuals by regulating the collection, use, and disclosure of personal data by organizations. It establishes principles such as obtaining consent for the collection, use, and disclosure of personal data, providing individuals with access to their personal data, and protecting personal data through appropriate security measures. The PDPA applies to all organizations that handle personal data, including both public and private sector organizations. The law requires organizations to appoint a Data Protection Officer (DPO), to take necessary measures for personal data protection, to establish a personal data protection management system, and to notify the Personal Data Protection Committee (PDPC) when a data breach occurs. The law also provides individuals with the right to access, correct or delete their personal data, and the right to object to the collection, use or disclosure of personal data.

The PDPA sets out principles for the handling of personal data, including obtaining consent from individuals for the collection, use, and disclosure of personal data, and taking appropriate measures to protect the security of personal data. Additionally, the PDPA establishes the Personal Data Protection Committee (PDPC) to monitor and enforce compliance with the law.

PDPA Compliance

Who does the PDPA apply to?

The PDPA applies to Stores that collect personal data and use or disclose them within Thailand, as well as when this personal data that is transferred from Thailand to other countries.

PDPA Compliance

What happens if I don't comply with the PDPA?

Failing to comply with the Thailand Personal Data Protection Act (PDPA) can result in significant fines and penalties. The Personal Data Protection Committee (PDPC) has the power to impose administrative fines for non-compliance. The fines can be up to 5 million baht (around 160,000 USD) per violation.

Fines can be imposed for a variety of reasons, including failure to comply with the principles of data protection, failure to appoint a Data Protection Officer (DPO), failure to establish a personal data protection management system, failure to report a data breach, and failure to provide individuals with their rights under the PDPA.

In addition to fines, supervisory authorities can also impose other penalties, such as ordering companies to stop processing personal data, requiring companies to rectify non-compliance, and issuing reprimands.

It’s important to note that PDPA compliance is not only about avoiding fines and penalties, but also about protecting people’s personal data and respecting their rights.

When will the PDPA go into effect?

The Thailand Personal Data Protection Act (PDPA) was passed on May 27, 2019 and it came into effect on May 27, 2020. However, the Personal Data Protection Committee (PDPC) has implemented a grace period until May 26, 2021, during which it will prioritize guidance, education and awareness-raising over fines and penalties for non-compliance with the PDPA.
Scroll to Top