After numerous delays the Thailand Personal Data Protection Act (PDPA) has officially come into effect as of today (1st June). Any and all businesses that handle personal data in one way or another are now required to implement additional measures or alter the way in which they interact with customers, business partners and employees.

Some of the key steps that will need to be taken involve updating or issuing a new privacy policy; providing data subjects with consent forms where necessary; recording all processing activities; enter into data processing agreements with relevant third parties and business partners; implementing robust security measures to prevent and deal with data breaches; and appointing a Data Protection Officer.

To fully comply with the PDPA, companies will need every department to play their part to ensure that all necessary procedures are fully implemented and adhered to going forward. To aid this, there will be more guidance and requirements to come in the shape of sub-regulations and guidelines, which will be announced by the Personal Data Protection Committee in due course.