Brighton College International School, Bangkok - Top Main Banner every page The Hongkong and Shanghai Banking Corporation Limited - Top Main Banner every page

DFDL (Thailand) Limited

Thailand’s Personal Data Protection Act (PDPA) - Data Protection Officer (DPO) in Short 

As June 2022 approaches, many companies in Thailand are focusing on and racing towards the implementation of compliance mechanisms in advance of the adoption of the Personal Data Protection Act (“PDPA”), Thailand’s new and all-encompassing data protection legislation. This new law will significantly impact businesses that handle personal data. It sets out heavy fines and penalties which will be imposed upon organizations that mishandle clients’ personal data.

In today’s infographic, we outline briefly the role of a Data Protection Officer (“DPO”) and why certain businesses may require to hire one.


Watch our brief, concise and easy-to-follow 3 minutes video to understand more about the appointment of the DPO and why such position becomes increasingly important with the upcoming enforcement of Thailand’s PDPA. HERE

Ng Woan Na (Regional Senior Legal Adviser, China Desk) highlights the appointment of DPO under Thailand’s PDPA if the business operations require a “regular and systemic monitoring of personal data” as a result of “processing large volume of personal data and sensitive personal data”. Examples of such businesses include e-commerce and online banking businesses. She provides an insightful overview on the appointment and roles of DPO within an organization, and whether such appointment should be made internally within the organization, or be outsourced to third-party data privacy service provider.

Please feel free to contact Kraisorn Rueangkul, Partner (, and Ng Woan Na, Regional Senior Legal Adviser (China Desk) (, for any related queries.