Announcement on the Establishment of the Personal Data Protection Committee under the Personal Data Protection Act B.E. 2562 (2019)

It has been almost 3 years since the announcement of the Personal Data Protection Act B.E. 2562 (2019) (PDPA). Finally, the Personal Data Protection Committee (Committee), a regulator under the PDPA, has been announced by the Thai Cabinet in the Royal Gazette which has taken effect since 11 January 2022.

The Committee consists of:

• One chairperson, appointed by the Thai Cabinet announcement;
• The vice-chairperson, who is the Permanent Secretary of the Ministry of Digital Economy and Society;
• Five committees, appointed based on their positions in the government agencies (as indicated in the PDPA); and
• Nine honorary committees appointed from the experts in the various types of fields and by the Thai Cabinet announcement.

The Committee shall have the authority and duty under the PDPA to set up the master plan for the promotion and protection of personal data; prescribe the measures, criteria or the guidelines for the business operator to comply with; and issue numerous subordinated regulations and rules under the PDPA.

The establishment of the Committee signals that the enforcement of the PDPA shall commence on 1 June 2022 with no further postponements. In addition, it can also be anticipated that the PDPA subordinated regulations and rules, in relation to, for example, forms and details of the consent letter, sensitive personal data, data protection officers, cross-border transfers, notification of personal data breach to the Office of the Committee, etc. should soon be issued by the Committee.

Therefore, any business operators who collect, use and/or disclose personal data who have not yet fully complied with the PDPA should promptly implement the necessary and adequate measures and steps prior to the enforcement date of the PDPA.