On 21 May 2020, the Thai government issued a Royal Decree exempting 22 business categories from the operation of the Personal Data Protection Act B.E. 2562 (“PDPA”) until 31 May 2021 (“Exempt Businesses”). The Personal Data Protection Commission is empowered under the Royal Decree to make a determination if there is any uncertainty as to whether a business is exempt, and business operators in Thailand should already have obtained legal advice on whether they are an Exempt Business.
Prior to the issuance of the Royal Decree, news reports suggested that there were concerns among businesses that they were not ready for implementing the required measures to comply with the PDPA. The Royal Decree was the Thai government’s response to these concerns.