Since Europe’s GDPR came into force more than two years ago, data privacy and protection have become priorities for regulators and businesses across the Asian region. Between 2019 and 2020, a flurry of data privacy laws was developed, with China, Singapore, Sri Lanka, Thailand, India, Japan and Hong Kong among those offering new guidelines and requirements. And still, more are expected, now bringing with them the prospect off larger fines than before.

In May 2019, Thailand’s Personal Data Protection Act (PDPA) officially became law. Echoing General Data Protection Regulation (GDPR) somewhat, the PDPA regulates personal data collection, storage and dissemination. But while further regulatory developments are required to ensure the law can be fully implemented, businesses should be seeking out legal help to ensure they are compliant now — and not dragging their heels — say lawyers.