Insight

Reference

·

Primary source

PDPA Maximum Civil Fine Per Violation

THB 5M per violation

As of2022–2024·Sources3·Primary

Thailand's Personal Data Protection Act (PDPA), which entered full enforcement on June 1 2022, imposes civil penalties of up to THB 5 million per data protection violation, with criminal penalties of up to THB 1 million and/or imprisonment for intentional or negligent breaches. The Office of the Personal Data Protection Committee (PDPC) has begun issuing formal investigations, particularly targeting healthcare providers, e-commerce platforms, and financial services firms. PDPA compliance has directly generated demand for data-classification software, consent-management platforms, and DPO-as-a-service offerings in Thailand's mid-market.

Download CSV ↓Compare plans →

Figure in context

Thailand's Personal Data Protection Act (PDPA), which entered full enforcement on June 1 2022, imposes civil penalties of up to THB 5 million per data protection violation, with criminal penalties of up to THB 1 million and/or imprisonment for intentional or negligent breaches. The Office of the Personal Data Protection Committee (PDPC) has begun issuing formal investigations, particularly targeting healthcare providers, e-commerce platforms, and financial services firms. PDPA compliance has directly generated demand for data-classification software, consent-management platforms, and DPO-as-a-service offerings in Thailand's mid-market.

Thailand's Personal Data Protection Act (PDPA), which entered full enforcement on June 1 2022, imposes civil penalties of up to THB 5 million per data protection violation, with criminal penalties of up to THB 1 million and/or imprisonment for intentional or negligent breaches. The Office of the Personal Data Protection Committee (PDPC) has begun issuing formal investigations, particularly targeting healthcare providers, e-commerce platforms, and financial services firms. PDPA compliance has directly generated demand for data-classification software, consent-management platforms, and DPO-as-a-service offerings in Thailand's mid-market.

Time scope

2022–2024

Source basis

Primary source

Interpretation notes

What this tells you

Thailand's Personal Data Protection Act (PDPA), which entered full enforcement on June 1 2022, imposes civil penalties of up to THB 5 million per data protection violation, with criminal penalties of up to THB 1 million and/or imprisonment for intentional or negligent breaches. The Office of the Personal Data Protection Committee (PDPC) has begun issuing formal investigations, particularly targeting healthcare providers, e-commerce platforms, and financial services firms. PDPA compliance has directly generated demand for data-classification software, consent-management platforms, and DPO-as-a-service offerings in Thailand's mid-market.

What not to do with it

Use the linked report for interpretation and keep basis differences explicit.

Related figures

Adjacent numbers that add context without drowning the value.

2023–2024
~USD 200M–300M

Thailand Cybersecurity Market Size

NCSA Thailand, IDC ASEAN, Gartner Southeast Asia

FY2024
~THB 500M–700M

NCSA Thailand Annual Operating Budget

NCSA Annual Report, MDES Budget Statement, Royal Gazette

2023–2024
~10–15% of total IT budget

Thai Banking Sector IT Security Spend Share

Bank of Thailand IT Risk Circular, SET bank filings, IDC

2022–2023
~1,000–2,000 incidents/year

Thailand Reported Cyber Incidents (NCSA-tracked)

NCSA Annual Cybersecurity Report, PDPC breach notifications

Report context

Thailand Cybersecurity Market Intelligence

Thailand cybersecurity market grew to ~THB 18B in FY2024 driven by PDPA, Cybersecurity Act 2019 enforcement. Telecom-led enterprise services (AIS Secure Net, True Digital, NT), Thai specialists (G-Able, ACIS, Cyber Elite), MNC tech vendors (Palo Alto, Fortinet, CrowdStrike) with Thai channel partners.

Open report →

Atlas actors in this figure's reports

Profiles covered in the report that cite this number.

Advanced Info Service (AIS)

Thailand's largest mobile, fibre operator with adjacent data-centre, edge-compute assets; GULF-SingTel controlled post-2023 JV.

AWS Thailand (Bangkok Region)

AWS Bangkok Region launched January 2025 — first US hyperscale cloud region in Thailand; USD 5B+ 15-year commitment.

True Corporation

Post-2023 TRUE × DTAC merger; ~50M mobile subs; FY2024 revenue ~THB 210B; CP Group, Telenor, China Mobile parents.

Data Protection Officer (DPO) — Thai PDPA Role

The mandatory DPO role under Thailand’s PDPA 2019, required for large-scale data processors and sensitive-data controllers.

Foreign Digital Service VAT Framework (Thailand RD)

Thailand’s VAT-on-foreign-digital-services regime (Section 83/6 bis), requiring non-resident digital providers to register and remit 7% VAT on B2C revenue.

National Cyber Security Agency (NCSA Thailand)

Thai national cybersecurity regulator under Cybersecurity Act 2019; oversees critical-information-infrastructure protection and national cyber-threat response.

PDPA Maximum Civil Fine Per Violation · Insight