Skip to main content

On-demand webinar coming soon...

Thailand PDPA Compliance

Accelerate time to Thailand Personal Data Protection Act (PDPA) compliance

Enforce a culture of accountability to the rights of data subjects and operationalize the PDPA’s data privacy requirements with our Privacy and Data Governance Cloud

PDPA Thailand compliance

A unified platform for PDPA Thailand compliance and governance

Our Privacy and Data Governance Cloud supports your compliance journey with relevant regulatory research, automation of data subject rights request fulfillment, and by streamlining data collection and incident response. 

Stay up to date on the latest amendments with a centralized repository of full PDPA text, summaries, and regulatory guidance. Leverage maturity and benchmarking tools to assess your program’s effectiveness and identify gaps in data security or data protection policies. 

Uphold data subject rights by choosing from a library of customizable cookie banners that reflect PDPA-specific messaging and utilize geolocation to display the appropriate consent models depending on the website visitor’s location. Scan your website and mobile apps for cookies and document verifiable consent across data collection points.  

Automate the fulfillment of data subject requests with targeted data discovery and quickly identify where data resides throughout your systems. Respond to requests quickly by using PDPA response workflows.  

Leverage privacy impact assessments (PIAs) to adhere to data minimization and purpose limitations, track key attributes and automatically assign risk scores. Collaborate with your DPO and share results. 

Use incident management plan templates to minimize risk should a breach occur. Analyze events with data breach notification templates and utilize workflows to meet the 72-hour notification requirement. 

April 17, 2024

Data governance across industries: Leveraging your organization's most valuable asset

Download our new eBook and learn how to leverage the value of data governance across industries, including financial services, healthcare, retail, and manufacturing.


We’re here to support you in achieving and maintaining Thailand PDPA compliance. In the meantime, explore answers to frequently asked questions. 

Thailand Personal Data Protection Act (PDPA) regulates data collection and data processing activities. It is based on the EU’s General Data Protection Regulation (GDPR) and shares similar provisions related to legal bases for personal data collection and processing, data subject rights, and scope. It was passed in 2019 and went into effect on May 27, 2021. 

The law applies to data controllers and processors who operate in Thailand. It also covers anyone outside of the country that sells, offer services, or monitors the behavior of Thai residents. 

The PDPA requires companies to respect the rights of data subjects and fulfill rights requests. These rights are like those found in the GDPR and include the right to be informed, access to their information, the right to opt-out, and data portability. Companies must limit their data collection to their original lawful purpose, ensure the data is accurate and complete, obtain verifiable consent with the data subject before cross-border data transfer, and notify individuals of data breaches within 72 hours if their personal data was exposed. They must also employ a representative in Thailand if they monitor individuals in the country

The Privacy and Data Governance Cloud streamlines your compliance with automated data discovery and record keeping, pre-built workflows and templates, and privacy impact assessments (PIAs). You can even leverage a knowledge base built by privacy and legal experts to stay updated with the latest regulatory changes and accelerate your trust transformation journey. 

Ready to get started?

Request a free demo today to see how OneTrust can guide your trust transformation journey.