SMEs are obligated to meet the various security requirements under Thailand’s Personal Data Protection Act (PDPA) which was enforced in June 2022 by the Personal Data Protection Committee. Though in effect, the committee recently made an announcement declaring that SMEs, social and community enterprises, cooperatives, and foundations would be exempt from certain requirements imposed on data controllers under certain conditions. This exemption, however, does not extend to service providers that collect computer traffic data or those whose collection of data may be considered an infringement on the rights and freedoms of their users.
Learn more from the PrivacyRules experts for Thailand at Silk Legal, read this article https://silklegal.com/are-smes-really-exempt-from-the-pdpa/