Shunsuke Minowa and Poonyisa Sornchangwat of Nagashima Ohno & Tsunematsu write:
1. Background
On 1 August 2025, Thailand’s Personal Data Protection Committee (“PDPC”) announced the issuance of 8 fines totaling THB 14.5 million (approximately USD 448,000), which were levied against one government agency and other private entities for non-compliance with the Personal Data Protection Act of 2019 (“PDPA”) in 5 cases.
Since the official enforcement of the PDPA, this marks the second significant instance in which the PDPC has imposed fines on non-compliant data controllers and data processors. The first issuance of fines occurred last year, when the PDPC penalized data controllers for their failure to provide appropriate security measures, notify the PDPC of the data breach, and appoint a Data Protection Officer (“DPO”), with fines totaling THB 7,000,000 (approximately USD 216,000). Consequently, the cumulative total of fines issued by the PDPC, up to the present time, amounts to approximately THB 21.5 million (approximately USD 660,000).
Read more about the compliance cases at Lexology.com.