Skip to main content
NOPE
In Effect Law Data Protection

Thailand PDPA

Thailand Personal Data Protection Act B.E. 2562 (2019)

Thailand's GDPR-style law. Health data requires explicit consent. First major fine (THB 7M) August 2024. Draft Royal Decree on AI proposes EU-style risk classification.

Jurisdiction

Thailand

Enacted

May 27, 2019

Effective

Jun 1, 2022

Enforcement

Personal Data Protection Committee (PDPC)

Thailand PDPC

Why It Matters

Active enforcement. Draft AI Royal Decree would add EU-style risk classification.

Recent Developments

First major fine THB 7M (Aug 2024). Draft AI Royal Decree proposes prohibited AI and high-risk classification.

At a Glance

Who Must Comply

  • Data controllers/processors in Thailand
  • Foreign entities processing Thai residents' data

Obligations fall on:

Safety Provisions

  • Section 26: Sensitive data (health) requires explicit consent
  • Section 27: Children's data restrictions
  • Automated decision-making transparency
  • Cross-border transfer restrictions
  • 72-hour breach notification

Compliance & Enforcement

Penalties

THB 5M; criminal (up to 1yr)

Criminal liability

View on map

Thailand

Focus Areas

Mental health & crisis
Child safety
Active safeguards required

Cite This

APA

Thailand. (2019). Thailand Personal Data Protection Act B.E. 2562 (2019).

Related Regulations

In Effect BN

Brunei PDPO

Brunei's personal data protection order requiring DPIA and imposing penalties up to 10% Brunei turnover or $1M.

In Effect IN

India DPDP Act

STRICTEST children's provisions in APAC. Children = under 18; verifiable parental consent MANDATORY; PROHIBITION on tracking, behavioral monitoring, targeted advertising to children.

In Effect ID

Indonesia PP 17/2025

Indonesia's comprehensive child online protection regulation establishing age-appropriate design requirements for electronic systems accessible to children. Most granular age classification globally (5 groups). Requires risk assessments, privacy-by-default, parental consent, DPIAs, and prohibits data profiling of children. First of its kind in Asia and Global South.

In Effect CN

China CSL Amendments

First major revision of China's foundational Cybersecurity Law since 2017. Introduces formal AI governance provisions, significantly increases penalties, and expands extraterritorial application to all cybersecurity violations.

In Effect AU

AU National AI Plan

National AI policy roadmap replacing previously proposed mandatory AI guardrails. Focuses on leveraging existing legal frameworks rather than new mandatory requirements. Establishes the Australian AI Safety Institute (AISI) to monitor, test, and share information on AI risks and harms.

In Effect IN

India AI Governance Guidelines

Voluntary AI governance framework built on seven core principles ('sutras'): Trust, People First, Innovation over Restraint, Fairness & Equity, Accountability, Understandable by Design, and Safety/Resilience/Sustainability. Establishes AI Governance Group, AI Safety Institute, and Technology & Policy Expert Committee.

All regulations Check if this applies to you

Last updated February 17, 2026. Verify against primary sources before relying on this information.