From our corporate member Tillike & Gibbins we have received news regarding new PDPA criteria for the handling of personal data. The criteria outline how the data subject (could be a bank customer) and the data controller (could be the bank) must comply on handling personal data.

On June 14, 2024, the Personal Data Protection Committee (PDPC) released a draft notification under the Personal Data Protection Act 2019 (PDPA), setting out criteria for how data controllers must delete, destroy, and de-identify personal data.

However, in the end it will all depend on the implementation of the laws as it is in Thailand.

More factual legal information can be read here at Tillike & Gibbins. A more debating worthwhile reading can be read here at Bangkok Post.