Thailand: First Administrative Fine for PDPA Violation

DFDL Thailand

10th November 2024
The Office of the Personal Data Protection Committee has issued an order on 31 July 2024 requiring a private e-commerce company to strictly comply with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and order the first administrative fine for the amount up to 7 million Baht for non-compliance with the PDPA.

The Office of the Personal Data Protection Committee (PDPC) has issued an order on 31 July 2024 requiring a private e-commerce company to strictly comply with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and order the first administrative fine for the amount up to 7 million Baht (approximately USD 213,000) for non-compliance with the PDPA.

In such case, there was a significant leak of customer personal data, leading to misuse and resulting in damage to individuals. This incident sparked discussions on social media and was later found that the leaked data included actual purchase information and personal details of the company’s customers, highlighting several instances of non-compliance with the PDPA.

The details of the administrative fine are as follows:

  • Failure to appoint the Data Protection Officer (DPO) (Section 41(2) and Section 82 of the PDPA): THB 1,000,000 (approximately USD 30,400)
  • Failure to implement appropriate security measures (Section 37(1) and Section 83 of the PDPA): THB 3,000,000 (approximately USD 91,400)
  • Failure to notify data breaches (Section 37(4) and Section 83 of the PDPA): THB 3,000,000 (approximately USD 91,400)

In addition to the administrative fines, the PDPC also impose several directives for the company to follow and report back to the PDPC within 7 days:

  • Improve security measures to prevent data leaks;
  • Update security measures to keep pace with evolving technology;
  • Conduct training for personnel involved in accessing, collecting, using, or disclosing personal data; and

Failure to comply with these orders may result in additional administrative fines of no more than THB 500,000 (approximately USD 15,300), as stipulated by Section 89 of the PDPA.

The Minister of Digital Economy and Society emphasized that the fines are intended to protect the public from call center scams and personal data leaks, which have been significant issues in Thailand over the past two years. The fines also serve as a warning to both public and private sector organizations to report data breaches to the PDPC as required by law. This action sets a standard and precedent for handling data breaches.

The Minister highlighted that these orders would raise awareness about the importance of complying with the PDPA and help deter misuse of personal data. Additionally, these measures aim to mitigate damage to individuals affected by data leaks and build public confidence in the use of personal data online.

Kraisorn Rueangkul, Partner, Thailand

Kraisorn is a Country Partner of DFDL Thailand, and the Country Head of the foreign direct investment, regulatory & compliance, and employment practice groups.

The information provided here is for information purposes only and is not intended to constitute legal advice. Legal advice should be obtained from qualified legal counsel for all specific situations.

Please Login or Register for Free now to view all updates and articles

 Login  Sign Up

In addition to free-to-view updates and articles, you can also subscribe to the full Legal Centrix Vietnam Service including access to:

  • Overview notes on the law
  • Thousands of high quality translations of legislation covering all key business areas
  • Legal and tax updates
  • Articles on important legal and tax issues
  • Weekly email alerts
  • Sophisticated web platform and search

Legal Centrix is trusted by top law and accounting firms.

DFDL Thailand

In 2005 DFDL established a permanent presence in Bangkok to better serve the needs of our growing client base in Thailand, especially those businesses and stakeholders investing across the region. Since then, we have expanded and solidified a wide variety of practice groups. These include: corporate and commercial; mergers and acquisitions; energy, mining and infrastructure; banking, finance and technology; real estate; employment; and tax.

Our Thai team works closely with our integrated network of offices across the region to provide international standard legal and tax services, with in-depth and comprehensive knowledge of the local environment. Our legal advisers have practical experience in a wide range of legal areas, from the feasibility phase through to the operation stages of an investment project, and can provide legal and tax advice on all aspects of Thai law.

The Bangkok office is also where a number of DFDL’s regional advisers are based, all with extensive and longstanding experience is complex multi-jurisdictional matters.

Click here to view the author's profile

Author

Tags

  • Legal Updates
  • Data Protection & Privacy
  • Thailand

Related Content

  • No related content

Recent updates

Cookies On
Our Website
We use cookies on our website. To learn more about cookies, how we use them on our site and how to change your cookie settings please click here to view our cookie policy. By continuing to use this site without changing your settings you consent to our use of cookies in accordance with our cookie policy.

 

A leading provider of legal and tax know-how and information for Asia.

Useful Links

Contact Us

Hong Kong, China
Tel: +852 3001 8810
support@legalcentrix.com

Copyright © 1997 - 2024 Legal Centrix. All Rights Reserved Privacy Policy | Terms of Use

Some text to show in popup