PDPA Compliance

Pandectes GDPR Compliance helps  Shopify Stores comply with the Personal Data Protection Act (PDPA) by scanning them and identifying the cookies and tracking technologies in use. The scan generates a report that classifies these technologies based on regulatory guidelines and provides options for updates to ensure compliance with PDPA.

PDPA Compliance
The #1 cookie consent app for Shopify, trusted by 125k stores

What is PDPA?

The Thailand Personal Data Protection Act (PDPA) is a data protection law in Thailand. It aims to protect the personal data of individuals by regulating the collection, use, and disclosure of personal data by organizations. It establishes principles such as obtaining consent for the collection, use, and disclosure of personal data, providing individuals with access to their personal data, and protecting personal data through appropriate security measures. The PDPA applies to all organizations that handle personal data, including both public and private sector organizations. The law requires organizations to appoint a Data Protection Officer (DPO), to take necessary measures for personal data protection, to establish a personal data protection management system, and to notify the Personal Data Protection Committee (PDPC) when a data breach occurs. The law also provides individuals with the right to access, correct or delete their personal data, and the right to object to the collection, use or disclosure of personal data.

The PDPA sets out principles for the handling of personal data, including obtaining consent from individuals for the collection, use, and disclosure of personal data, and taking appropriate measures to protect the security of personal data. Additionally, the PDPA establishes the Personal Data Protection Committee (PDPC) to monitor and enforce compliance with the law.

PDPA Compliance

Who does the PDPA apply to?

The PDPA applies to Stores that collect personal data and use or disclose them within Thailand, as well as when this personal data that is transferred from Thailand to other countries.

PDPA Compliance

What happens if I don't comply with the PDPA?

Failing to comply with the Thailand Personal Data Protection Act (PDPA) can result in significant fines and penalties. The Personal Data Protection Committee (PDPC) has the power to impose administrative fines for non-compliance. The fines can be up to 5 million baht (around 160,000 USD) per violation.

Fines can be imposed for a variety of reasons, including failure to comply with the principles of data protection, failure to appoint a Data Protection Officer (DPO), failure to establish a personal data protection management system, failure to report a data breach, and failure to provide individuals with their rights under the PDPA.

In addition to fines, supervisory authorities can also impose other penalties, such as ordering companies to stop processing personal data, requiring companies to rectify non-compliance, and issuing reprimands.

It’s important to note that PDPA compliance is not only about avoiding fines and penalties, but also about protecting people’s personal data and respecting their rights.

When will the PDPA go into effect?

The Thailand Personal Data Protection Act (PDPA) was passed on May 27, 2019 and it came into effect on May 27, 2020. However, the Personal Data Protection Committee (PDPC) has implemented a grace period until May 26, 2021, during which it will prioritize guidance, education and awareness-raising over fines and penalties for non-compliance with the PDPA.

Complying with the PDPA

The PDPA stands as one of the comprehensive data privacy laws, and other countries, such as Singapore, Malaysia, and Indonesia, are also introducing their own privacy regulations. As businesses operate across multiple jurisdictions, it becomes increasingly difficult to navigate and adhere to the intricate network of international data privacy laws.

Maintaining compliance begins with staying informed about the evolving legislation that may impact your company. Keeping track of these laws as they progress through national legislatures is essential. Subscribing to relevant newsletters and resources can be helpful.

When a new law is enacted but not yet in effect, it is advisable to review its text in collaboration with legal counsel. They can assess your compliance status and provide guidance on necessary actions.

To streamline the data compliance process, consider utilizing a Consent Management Platform (CMP) like Pandectes GDPR Compliance. A CMP relieves the burden on your team by offering customizable consent management, automation of data subject access requests, and tools for cookie & vendor management. Pandectes GDPR Compliance is specifically designed for Shopify Stores and is ready to assist you in achieving and maintaining compliance within the ever-changing landscape of data privacy.

Make your Shopify Store's use of cookies and online tracking compliant today
Scroll to Top