Background Thailand's PDPA is the country's first unified data privacy legislation for personal data protection. Coming at a time when people around the world are increasingly aware of the risks and negative consequences of their personal data being compromised, the PDPA seeks to align with international standards, such as the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Prior to the enactment of the PDPA, privacy rights were recognised in the Constitution of the Kingdom of Thailand. Beyond this, the handling of personal data was governed by specific regulations for a handful of sectors, such as telecommunications, financial institutions, securities, and life scien