A Study of the Necessity of and Approaches to the Preparation of Personal Data Protection Guidelines

Published in TDRI Quarterly Review, Vol. 37 No.2 (June 2022)

Suggested Bibliographic Citation: Trisadikoon, K. (2022). “A Study of the Necessity of and Approaches to the Preparation of Personal Data Protection Guidelines.” TDRI Quarterly Review, 37(2). 23-44.

Summary

This article examines the necessity of developing personal data protection guidelines to support the effective enforcement of Thailand’s Personal Data Protection Act B.E. 2562 (2019). Although the Act establishes fundamental principles, data subject rights, obligations of data controllers and processors, and legal penalties, it lacks detailed practical instructions for real-world implementation. As a result, organizations with legal duties may face uncertainty in compliance, which could undermine the effectiveness of personal data protection. The study argues that practical guidelines are therefore essential as an instrument for translating legal principles into concrete procedures, standards, and operational practices tailored to organizational contexts.

The paper outlines key elements of the Thai legal framework, including the scope of application, rights of data subjects, relationships among data subjects, controllers, and processors, rules governing data processing throughout the data life cycle, and enforcement mechanisms. It then conducts a comparative analysis of personal data protection systems and guidelines in the European Union, the United Kingdom, Japan, Singapore, and the United States. The findings indicate that effective guidance typically exists at multiple levels, including general conceptual guidelines, sector-specific guidelines tailored to particular industries, and topic- or activity-specific guidelines addressing concrete situations. Such multi-layered guidance enables organizations to interpret and apply legal requirements in a manner consistent with actual operational realities.

Based on these insights, the article proposes an approach for developing personal data protection guidelines in Thailand that aligns with the characteristics of different sectors and the life cycle of personal data processing. The recommended structure includes general principles, practical examples of data processing activities, and frequently asked questions to facilitate usability. The study also suggests phased dissemination according to the readiness of each industry and continuous updates to reflect secondary regulations and evolving circumstances. In conclusion, the article emphasizes that clear, context-sensitive guidelines are a critical condition for enabling the Personal Data Protection Act to achieve its intended goal of effectively safeguarding individuals’ privacy rights in practice.