1.Background
Under Section 41(2) of the Personal Data Protection Act of 2019 of Thailand (“PDPA”), the data controller and the data processor must designate a data protection officer (“DPO”) if their activities with respect to collection, use, or disclosure of personal data (“Data Processing”) require regular monitoring of personal data and system due to the ground that the number of personal data is on a large scale as prescribed by the Personal Data Protection Committee (“PDPC”).
In this connection, on 14 September 2023, the PDPC published the Notification of the Personal Data Protection Committee Re: Designation of a Data Protection Officer according to Section 41(2) of the Personal Data Protection Act B.E. 2562 (2019) B.E. 2566 (2023) (“Notification”) in the Royal Gazette. The Notification will become effective after the expiration of 90 days from the date of…