Show all guides
Worldwide
PDPA

Thailand’s PDPC issues eight severe fines under PDPA

Last update:
Oct 3, 2025

Thailand’s Personal Data Protection Committee (PDPC) announced hefty fines in eight cases under the Personal Data Protection Act (PDPA). The penalties follow various acts of mishandling data, including insufficient security measures, using sensitive records in ways that fail to meet regulatory standards (including wrapping merchandise), failure to appoint a Data Protection Officer, failure to notify the controller, and more. 

According to the regulator, these cases mark a transition from education-only responses to active financial sanctions, signalling that the Thai regulator expects full compliance from public- and private-sector bodies alike.

The full guidelines can be found
here

Related Guides

Thailand's Personal Data Protection Act

May 19, 2022

Thailand’s first law on personal data collection, the Personal Data Protection Act (PDPA), will come into effect on June 1, 2022 after being signed in 2019. Similar to the GDPR, key aspects of the PDPA include data processing, collection, storage, and consent protocols...
Worldwide
PDPA
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only