To tackle this issue, the 28 member states of the European Union (EU) succeeded in agreeing on a single, ambitious, and comprehensive piece of data privacy legislation. The European Parliament adopted the General Data Protection Regulation (GDPR) in May 2016. Its provisions became enforceable in the EU in May 2018 and two months later in the whole European Economic Area (EEA: EU member states plus Iceland, Liechtenstein, and Norway).

Core principles of the GDPR aim at giving to the citizens some control over the collection of their personal information by public and private entities. The regulation requests for example pseudonymisation for stored data (e.g. with encryption) and disclosure about the purpose for data processing.  Companies have to be transparent about how long the information will be retained and if it will be shared with any third party or outside the EEA. Furthermore, individuals have the right to access their personal information, to revoke consent to data processing, and, under certain circumstances, to request data erasure. They can also object to the processing of personal data for marketing, sales, and non-service related purposes. Last but not least, citizens have the right to contest any automated decision-making made on a solely algorithmic basis and to file complaints with the data protection authority.

Complying with the GDPR is a challenge for many companies and institutions. Despite technical difficulties and challenges, the GDPR is widely recognized as a new international standard in terms of citizens and consumers’ right protection.

Privacy Thailand, an independent academic group that works and researches on data protection issues, published this book for the second time with the support of the Konrad Adenauer Foundation in Thailand. This 2nd printing aims to disseminate the content of the General Data Protection Regulation of the European Union (GDPR) to several groups of readers, i.e. offices under the provincial administration, provincial organizations in 76 provinces in Thailand, central libraries of both public and private universities.

The contents of the GDPR consist of:

- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

- General provisions

- Principles

- Rights of the data subject

- Controller and processor

- Transfers of personal data to third countries or international organizations

- Independent supervisory authorities

- Cooperation and consistency

- Remedies, liability, and penalties

- Provisions relating to specific processing situations

- Delegated acts and implementing acts

- Final provisions

The publication is available only in Thai language. To request a hard copy of this publication, please send an email directly to Privacy Thailand’s team at admin@privacythailand.org.