🇹🇭 Thailand

PDPA TH

Personal Data Protection Act B.E. 2562

In short

Thailand's PDPA is a GDPR-style consent law. For cookies and marketing that are not strictly necessary it generally requires freely given, specific, informed and explicit prior consent, with separate consent for sensitive data.

Region

Thailand

Status

Fully in force since 2022

Group

Asia & Africa

Who must comply

Data controllers and processors that collect, use or disclose personal data of individuals in Thailand, including those based abroad offering goods or services to people in Thailand.

Penalties

Administrative fines up to THB 5 million, plus possible criminal penalties and compensation for unlawful processing of sensitive data.

Key obligations

  • Obtain explicit prior consent for non-essential processing
  • Provide a clear privacy notice before collection
  • Honor access, rectification, erasure and objection rights
  • Appoint a data protection officer where required
  • Report data breaches to the office within the required timeframe

How ConsentX helps

Prior-script blocking for true opt-in

Geo-aware banner for Thai visitors

Separate consent capture for sensitive data

Rights request workflow with evidence

Region rule engine tuned for Thailand

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PDPA TH using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDPA TH.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor's region and automatically shows the consent experience that PDPA TH requires.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PDPA TH audit.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Thailand's PDPA require opt-in consent for cookies?

For cookies that are not strictly necessary it generally requires explicit, freely given prior consent.

Who enforces Thailand's PDPA?

The Personal Data Protection Committee, the PDPC of Thailand, oversees and enforces the law.