( July 17, 2026, 08:24 GMT | Official Statement) -- MLex Summary: Thailand’s Personal Data Protection Committee has issued rules governing how data controllers must process requests from individuals seeking access to or copies of their personal data, including requests for disclosure of personal data obtained without the data subject’s consent. Published in the Royal Gazette on Thursday and effective immediately, the rules establish standardized procedures for submitting, verifying and responding to requests under the Personal Data Protection Act. Data controllers must provide accessible request channels, verify the identity or authority of requesters, respond within prescribed timeframes and keep records of requests for at least two years. The rules also specify circumstances in which requests may be refused, permit reasonable fees for complex or excessive requests, require explanations for any refusal and provide mechanisms for extending response deadlines where necessary.The rules are attached....
Prepare for tomorrow’s regulatory change, today
MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.
Know what others in the room don’t, with features including:
- Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
- Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
- Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
- Curated case files bringing together news, analysis and source documents in a single timeline
Experience MLex today with a 14-day free trial.