PDPA compliance with ConsentX
Personal Data Protection Act
Singapore / Thailand
In force
Asia & Africa
Who it applies to
Organizations collecting, using or disclosing personal data of individuals in the relevant jurisdiction.
Penalties
Varies by jurisdiction, up to significant percentage-of-turnover or fixed-sum fines.
Key obligations
- Notify purposes and obtain consent
- Allow withdrawal of consent
- Provide access and correction
- Appoint a data protection officer
- Protect and retain data appropriately
How ConsentX helps
Notification-first consent banner
Withdrawal controls
Access and correction intake
Configurable retention
Get PDPA ready with ConsentX
Start free, or book a walkthrough with our team.
This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified counsel.
Frequently asked questions
What is PDPA?+
Personal Data Protection Acts in markets such as Singapore and Thailand require consent and clear notification before collecting and using personal data.
Does PDPA require consent before collecting data?+
Yes. You must notify the purpose and obtain consent before collecting or using personal data, and allow withdrawal.