Compliance Alert: Major Fines Underline PDPA Urgency

Compliance Alert: Major Fines Underline PDPA Urgency

The Personal Data Protection Laws came into effect in June 2022, yet many companies have still not taken the necessary steps to update their policies and implement compliance measures. A key requirement is the appointment of a Data Protection Officer (DPO). On August 21, 2024, the PDPC released a press statement addressing the urgent need for preventing data leaks in both private and public organizations. On the same day, the Expert Committee imposed administrative penalties totaling Baht 7 million Baht on a major e-commerce company for violating the Personal Data Protection Act. The penalties included:

• Failure to appoint a DPO: Baht 1 Million 
• Failure to implement appropriate security measures: Baht 3 Million
• Failure to report a data breach: Baht 3 Million

This case underscores the immediate need for corporations in Thailand to comply with the Personal Data Protection Act. As enforcement increases, it is essential to note that this is just the beginning; more cases are likely to arise, and the fines could exceed the current total of Baht 7 million.
 
It is crucial for organizations to take proactive steps now, including conducting thorough audits of their data protection practices and ensuring all staff are trained on compliance measures. Should you require assistance with PDPA implementation, feel free to contact us.