IAS Advisory joins consultation hosted by the Office of the PDPC

IAS Advisory co-founding partner Mr Anuwat Ngamprasertkul and senior associate Mr Piniti Chomsavas, both PDPA specialists, recently joined a consultation hosted by Thailand’s Office of the Personal Data Protection Committee (PDPC). The consultation brought together lawyers and representatives from leading law firms and consulting organisations to provide feedback on the draft sector-specific guidelines and to discuss ways to raise PDPA compliance standards through cooperation between consultants and the PDPC Office.

Anuwat and Piniti shared their views on stakeholder collaboration and the draft sector-specific guidelines for 11 target industry groups, consisting of:

• National Security;
• Essential Public Services;
• ICT & Telecommunications;
• Transportation & Logistics;
• Energy & Public Utilities;
• Public Health;
• Education;
• Finance, Investment & Insurance;
• Tourism;
• Wholesale, Retail & E-Commerce; and
• Real Estate.

The consultation, which took place on 8th July 2026, focused on ensuring that the guidelines provide clear, practical, and sector-appropriate guidance on compliance with Thailand’s Personal Data Protection Act (PDPA). Once finalised, the guidelines are expected to reflect the PDPC’s expectations and serve as a key reference for businesses, while promoting consistent privacy practices and strengthening confidence in Thailand’s digital economy.

We are grateful to the PDPC for the invitation to share practical insights and support the development of helpful industry-specific guidance that will assist businesses in meeting their PDPA obligations more effectively. More importantly, this dialogue reflects the shared commitment of the PDPC and PDPA consultants to supporting and uplifting PDPA compliance standards in Thailand.

Anuwat & Piniti to discuss how GDPR applies within Thailand

IAS Advisory’s data privacy and personal data protection leaders Mr Anuwat Ngamprasertkul and Mr Piniti Chomsavas are looking forward to speaking as part of Privaon‘s upcoming data protection webinar this Wednesday 6th August 2025 from 12:00 to 13:00 (Bangkok time).

Privaon is a globally recognised company in the fields of privacy and data protection that offers both software and advisory services. Founded in 2014 and based in Espoo, Finland, its core services are “Data Protection Officer as a Service (DPOaaS)” and “DPO365″—a program for planning, managing, reporting and monitoring compliance.

Firm co-founder Anuwat and senior associate and data privacy expert Piniti are looking forward to sharing their insights into how EU data protection principles apply within Thailand and how GDPR can help power EU market trust.

Register for Privaon’s Zoom webinar for free using this link: https://privaon.com/event/navigating-data-protection-the-eu-general-data-protection-regulation-gdpr-and-thailand/

MEDIA: reasons to keep your personal information private

IAS Advisory co-founder Mr Anuwat Ngamprasertkul made his latest appearance on national TV in Thailand in the first episode of the latest series of “Good Thinking, Good Society,” a popular news and current affairs programme on TNN2 (TrueVisions channel 784).

Anuwat appeared alongside Mr Surachai Chaiyarangkitrat, Chief Technology Officer (CTO) of Pcubed Thailand, to discuss local data protection laws and the importance of keeping your personal information private.

TNN2 is known in Thailand for presenting a variety of programmes, content, knowledge, and entertainment so that family members and general audiences can get the most out of news consumption. Watch TNN2 HERE.

Hosted by esteemed broadcaster and presenter Dr Denchai Akaradajdachachai, “Good Thinking, Good Society” airs every Saturday and Sunday from 10:00 to 10:30. This episode premiered on 15th June 2025. Disclaimer: all content is owned by TNN Thailand. Visit the TNN Thailand website HERE.

Announcement | Mr Piniti Chomsavas promoted to Senior Associate

We are delighted to announce the promotion of Mr Piniti Chomsavas to Senior Associate, with a key leadership role overseeing our Data Privacy & Personal Data Protection practice.

Piniti is a certified member of the International Association of Privacy Professionals (IAPP) and holds the esteemed Certified Information Privacy Professional/Europe (CIPP/E) designation—widely recognised as the gold standard for privacy professionals worldwide.

Having been with IAS Advisory since its inception, Piniti has played a pivotal role in shaping the firm’s growth and direction. With over nine years of legal experience across both a Big Four audit/consulting firm and a leading law firm, he brings a well-rounded and strategic perspective to complex legal matters.

Beyond his data privacy expertise, Piniti is actively involved in our commercial litigation, shareholder disputes, white-collar crime, and employment law practices. He also serves as a trusted legal advisor on numerous public-private partnership (PPP) infrastructure projects.

Please join us in congratulating Piniti on this well-deserved promotion.

Congratulations, Piniti, from all of us at IAS Advisory!

Anuwat gives “Personal Information Protection” address in Lao PDR

IAS Advisory co-founder Mr Anuwat Ngamprasertkul was greatly honoured to give an address as part of the special seminar “Personal data privacy compliance when carrying out business in Lao PDR,” which took place on Thursday 26th September at DoubleTree by Hilton Vientiane in Lao PDR.

The event was organised by the Thai Business Association of Lao PDR (TBAL), Thailand’s Department of International Trade Promotion (DITP), and the Royal Thai Embassy in Vientiane, Lao PDR.

Distinguished chairpersons of the seminar included H E Ms Morakot Sriswasdi (Ambassador of the Kingdom of Thailand to Lao PDR), Mr Kawin Viriyapanich (Minister-Counsellor (Commercial), Royal Thai Embassy, Vientiane, Lao PDR), and Mr Thamnong Pholthongmak (TBAL President).

In his address, Anuwat detailed how Thailand’s Personal Data Protection Act (PDPA) is affecting the way Thai companies are doing business, its impact on international transactions, and how the PDPA applies when conducting business operations in Lao PDR.

(more…)

Anuwat leads practical sessions on PDPA at Kasetsart University

IAS Advisory co-founder Mr Anuwat Ngamprasertkul was pleased to lead practical sessions on data mapping and privacy risks at Kasetsart University‘s recent Personal Data Protection Act (PDPA) seminar and workshop.

The event, titled “Managing and implementing personal data protection in educational institutions under the PDPA,” took place on Friday 13th September and was led by Assistant Professor Dr Ngamlamai Piolueang, Dean of the Faculty of Social Sciences, who opened proceedings and awarded certificates to participants.

The purpose of the event was to highlight the importance of the PDPA. Given the large personal information stores and data flows in universities and other educational establishments, it is essential for staff to be aware of the practices and regulations that govern data protection to avoid misuse and ensure owners’ consent is obtained prior to data being used for any purpose.

Anuwat’s practical sessions also covered how to create necessary documents, such as consent forms and data processing agreements, and how to properly implement related policies.

(more…)

Reminder of Thai Business Association of Lao PDR (TBAL) special seminar

A reminder of the upcoming meeting on “Personal Information Protection in Thailand,” which is being organised by the Thai Business Association of Lao PDR (TBAL) and Thailand’s Department of International Trade Promotion (DITP).

This special seminar will take place on Thursday 26th September from 13:00 to 20:00 at DoubleTree by Hilton Vientiane in Lao PDR.

Distinguished guest speakers at the meeting will include Ambassador Morakot Sriswasdi, Ambassador of the Kingdom of Thailand to Lao PDR, and Mr Thamnong Pholthongmak, TBAL President.

IAS Advisory co-founder Mr Anuwat Ngamprasertkul is honoured to have been asked to join and talk about how Thailand’s Personal Data Protection Act (PDPA) is affecting the way Thai companies are doing business and its impact on international transactions.

For those interested in attending this prestigious event, please register using the below QR code or, alternatively, call: +856 20 5558-1238.

PDPA enforcement update & implications for your business

Yesterday, on 21st August 2024, the Office of the Personal Data Protection Committee (the “PDPC”) and the Ministry of Digital Economy & Society announced a significant enforcement action. The Expert Committee on Technology & Related Issues (Committee 2) imposed a fine of up to THB 7,000,000 (Seven Million Thai Baht) on a major private company engaged in online trade.

The fine was levied due to the company’s failure to adequately protect personal data, leading to a breach that exposed sensitive information to call centre gangs.

The company had collected personal data from over 100,000 customers but did not appoint a Data Protection Officer, as mandated by Section 41 of the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”). From the PDPC’s investigation, the Company was found to have insufficient security measures in place to protect customer data as required by Section 31(1). They also failed to identify the breach and notify the affected customers and the PDPC of the breach in a timely manner, in violation of Section 37(4).

This is the first administrative fine to be issued under the PDPA. Such enforcement action reflects the PDPA’s alignment with the European Union’s General Data Protection Regulation (the “GDPR”).

Mr Prasert Jantarawongthong, Minister of Digital Economy & Society, emphasised that this decision underscores the importance of compliance with data breach reporting requirements and serves as a cautionary message to all organisations. A further release of the full directive is expected and should benefit other operators in implementing their own compliance practices. It will also provide a clearer picture of the PDPC’s enforcement approach.

For guidance on navigating the PDPA and ensuring the compliance of your organisation, please contact us. Our team of lawyers is here to help you implement effective data protection strategies and avoid regulatory pitfalls.

This article was researched and prepared by Ms Lavanya Dev-Kauffmann.

Piniti Chomsavas awarded coveted CIPP/E privacy qualification

Well done to IAS Advisory associate, Mr Piniti Chomsavas, for successfully completing the International Association of Privacy Professionals (IAPP)’s esteemed certification programme.

Policy neutral, IAPP is the world’s largest and most revered information privacy association, helping organisations successfully manage risks such as data breach and identity theft and implement data security best practices to keep their information secure and protected. With its rigorous training programmes and industry-standard examinations for professionals, leaders, experts and lawmakers, IAPP has grown into the largest and most comprehensive global information privacy community.

The Certified Information Privacy Professional (CIPP) qualification is the industry standard for privacy specialists worldwide. Achieving the CIPP/E credential demonstrates understanding of a principles-based framework and knowledge base in data privacy within the European context, covering critical topics like Schrems II and the GDPR (including Mandatory DPOs).

The CIPP/E is a key benchmark for top firms when engaging privacy professionals, covering European data protection protocols, regulatory institutions, legislative frameworks, compliance, and international data transfers.

(more…)

IAS Advisory delivers PDPA training & workshop event for EXAT

IAS Advisory is proud to have successfully delivered a three-day Personal Data Protection Act (PDPA) training and workshop event for the Expressway Authority of Thailand (EXAT) from 20th-22nd September 2023.

Sessions were led by co-founding partner, Mr Anuwat Ngamprasertkul, and by associate, Mr Piniti Chomsavas, who are experts in data protection and privacy law in Thailand.

Training covered PDPA general knowledge and best practice to help ensure compliance. We also went through case studies from General Data Protection Regulation (GDPR) countries, and looked at how to handle data breaches, consent management, and data subject rights.

Workshops were a hands-on experience for participants, who were divided into groups and given real-life scenarios to solve.

(more…)