TDRI QUARTERLY REVIEW

Volume 37, No. 02, Month JUNE, Year 2022, Pages 23 - 45

A study of the necessity of and approaches to the preparation of personal data protection guidelines

Khemmapat Trisadikoon

Abstract Download PDF

Thailand’s Personal Data Protection Act, B.E. 2562 (2019) was enacted to protect the personal data of a data subject (defined as a natural person or juristic person about whom a controller holds personal data and who can be identified, directly or indirectly, by reference to that personal data) by setting out rules, and mechanisms, along with regulatory measures regarding the collection, storage, use, or disclosure of personal data, collectively known as “personal data processing.” However, that Act does not provide rules or procedures in detail. As a result, a guideline must be developed as an important instrument to assist in the reasonable implementation of the law or the principles set out in legislation in practice, particularly for agencies with specific missions or services. Therefore, the Office of the Permanent Secretary, Ministry of Digital Economy and Society, serving as the Office of the Personal Data Protection Commission,1 has assigned the Thailand Development Research Institute (TDRI) as a research team to study and draft personal data protection guidelines for relevant entrepreneurs and for the benefit of effective enforcement in accordance with the personal data protection law under the “Personal Data Protection Guideline for Personal Data Controllers and Data Processors according to the Data Protection Act, B.E. 2562” program, and to prepare relevant policy recommendations to address the issues not applied under the guidelines. Although the draft guidelines do not have a legal status that must be strictly followed, the draft guidelines, which lay out guidelines for relevant parties to implement, must be considered and reviewed by the Personal Data Protection Committee, which will be established later, before further promulgation.

Keywords

QUARTERLY REVIEW

---