Single title

General Data Protection Regulation in Thai Version (2nd Printing)

The digital innovations of the last three decades have completely changed our lives. They made the world faster, more effective, and more connected. They offer great opportunities in terms of employment, access to knowledge, and service to the citizens. However, one worrying downside is large-scale personal data collection. Private and public organizations have gained access to various aspects of people’s personal life. Thanks to new information technologies, they started collecting data on individuals’ whereabouts, purchase behavior, health and wealth, social background and community, and even political affinity.

To tackle this issue, the 28 member states of the European Union (EU) succeeded in agreeing on a single, ambitious, and comprehensive piece of data privacy legislation. The European Parliament adopted the General Data Protection Regulation (GDPR) in May 2016. Its provisions became enforceable in the EU in May 2018 and two months later in the whole European Economic Area (EEA: EU member states plus Iceland, Liechtenstein, and Norway).


Core principles of the GDPR aim at giving to the citizens some control over the collection of their personal information by public and private entities. The regulation requests for example pseudonymisation for stored data (e.g. with encryption) and disclosure about the purpose for data processing.  Companies have to be transparent about how long the information will be retained and if it will be shared with any third party or outside the EEA. Furthermore, individuals have the right to access their personal information, to revoke consent to data processing, and, under certain circumstances, to request data erasure. They can also object to the processing of personal data for marketing, sales, and non-service related purposes. Last but not least, citizens have the right to contest any automated decision-making made on a solely algorithmic basis and to file complaints with the data protection authority.


Complying with the GDPR is a challenge for many companies and institutions. Despite technical difficulties and challenges, the GDPR is widely recognized as a new international standard in terms of citizens and consumers’ right protection.


Privacy Thailand, an independent academic group that works and researches on data protection issues, published this book for the second time with the support of the Konrad Adenauer Foundation in Thailand. This 2nd printing aims to disseminate the content of the General Data Protection Regulation of the European Union (GDPR) to several groups of readers, i.e. offices under the provincial administration, provincial organizations in 76 provinces in Thailand, central libraries of both public and private universities.


The contents of the GDPR consist of:


- Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

- General provisions

- Principles

- Rights of the data subject

- Controller and processor

- Transfers of personal data to third countries or international organizations

- Independent supervisory authorities

- Cooperation and consistency

- Remedies, liability, and penalties

- Provisions relating to specific processing situations

- Delegated acts and implementing acts

- Final provisions


The publication is available only in Thai language. To request a hard copy of this publication, please send an email directly to Privacy Thailand’s team at

Contact Person

Orapan Suwanwattanakul

Orapan Suwanwattanakul

Project Manager +66 (0) 2 714 1207 +66 2 714 1307