PDPA: Administrative Fine
The Personal Data Protection Act B.E. 2562 (2019) (PDPA) of Thailand, enforced from June 1, 2022, has reshaped the data protection landscape by mandating strict compliance standards for organizations. One of the key enforcement tools available under the PDPA is the imposition of administrative fines for non-compliance.
Following the issuance of the Royal Gazette Notification in April 2025, the procedures for administrative fines are now clearly outlined. Below is a comprehensive overview of the administrative fine system and process.
Scope of Administrative Fines:
Administrative fines apply to:
- Data Controllers who fail to comply with lawful processing, security standards, or respect for data subject rights.
- Data Processors who act beyond instructions or fail to maintain required security standards.
- Representatives acting on behalf of overseas controllers or processors carrying out activities in Thailand.
Violations triggering fines include:
- Unlawful data processing without valid consent or legal basis.
- Inadequate responses to data subject rights.
- Failure to report data breaches promptly.
- Unauthorized data sharing or cross-border data transfers.
- Absence of proper organizational security measures.
Authorities Empowered to Act:
The Personal Data Protection Committee (PDPC) and its designated investigating officers have the authority to:
- Conduct investigations.
- Summon witnesses and request evidence.
- Recommend fines for PDPC approval.
- Issue administrative orders enforceable under administrative law.
PDPA Administrative Fine Process:
The administrative fine process is clearly structured into the following key stages:
1. Preliminary Investigation
An investigating officer gathers evidence, interviews involved parties, and assesses whether there are grounds for a violation. If sufficient evidence exists, the officer proceeds with the next step.
2. Notice of Allegations
The alleged violator receives a formal notification, detailing:
- The alleged facts.
- Applicable legal provisions breached.
- The right to submit a defense or clarifications within a stipulated period.
3. Consideration and Decision
The competent authority reviews all evidence, defenses, and mitigating factors. The seriousness of the violation, damages, prior conduct, and cooperation are taken into account when determining the fine amount.
4. Issuance of Administrative Order
An administrative order is issued specifying:
- The nature of the violation.
- The amount of the fine imposed.
- Payment instructions and deadlines.
Failure to comply may result in further legal enforcement actions.
5. Right to Appeal
The fined party may appeal the administrative order in accordance with the Administrative Procedure Act B.E. 2539 (1996).
Author: Panisa Suwanmatajarn, Managing Partner.
Other Articles
- Proposed Amendments to Anti-Corruption Legislation to Align with OECD Standards
- Notification of the Competent Officer on Exchange Control (No. 38) — Draft Amendment
- Thailand’s Proposed Updates to the Non-Preferential Certificate of Origin Framework for Exports to the United States and the European Union
- Thailand’s Expanding Trade Network: Key Updates on FTAs with Partner Countries
- Thailand FDA — Proposed Food Labelling Rules for Prepackaged Foods
- U.S. Tariff Developments Post Supreme Court Ruling