The Digital Economy and Society (DES) Ministry insists the Personal Data Protection Act (PDPA) will be enforced on June 1 as scheduled, despite calls from the business sector for its postponement due to a lack of preparedness, particularly among small and medium-sized enterprises (SMEs).
However, the enforcement of penalties would be relaxed in the first year of its implementation if violators did not intend to commit a wrongdoing, as it is during a transitional period when the development of an understanding of the law and mediation for disputes would still be required.
Additionally, consideration is being made to spare small entrepreneurs from being subject to penalties.
DES Minister Chiawut Thanakamanusorn said full enforcement of the law is a crucial move as it sets a clear standard for personal data usage and levels up personal data protection in the country, which could potentially create confidence at the international level and ensure transparency.
The PDPA will play a key part in supporting the digital-driven economy, through which the government projects digital-related business to generate a targeted 30% of GDP over the next five years, he said in a seminar on enforcement of the PDPA.
"Data is the heart of the digital economy. The enforcement of the PDPA has been postponed twice and it is now the time to start," Mr Chaiwut said.
The PDPA, which was published in the Royal Gazette in 2019 with a one-year grace period, saw the postponement of its full enforcement for two years due to the pandemic and a lack of proper preparedness among businesses.
The PDPA is among 12 digital-related laws the government wants to have in line with its digital economy transformation roadmap.
"The government will relax the enforcement of the penalties for a year after the law takes effect as an adjustment period. However, the intention of the transgression will have to be proven," Mr Chaiwut said.
He indicated the DES and the Personal Data Protection Committee (PDPC) are pondering waiving enforcement of the law on some businesses, especially very small enterprises, such as barber shops and small garages.
The government is now building the Government Platform for PDPA compliance (GPPC) as a centralised mechanism to accommodate PDPA compliance for state agencies. Some 2,000 state officials will be trained in the first phase to create a better understanding of the law among them.
Wetang Phuangsup, secretary-general of the PDPC, said the committee has drafted five subordinate regulations of the PDPA, which have been put up for public hearing.
He stressed the PDPA is not meant to create burden for enterprises but determine a standard on how personal data is used, stored and protected.
Early this month, the Joint Standing Committee on Commerce, Industry and Banking called on the government to consider postponing full enforcement of the PDPA by another two years to give more time for companies to be ready to comply with the law as they remain stymied by economic woes brought about by the pandemic.