More than 90% of incoming mobile phone calls offering products and services have vanished thanks to the Personal Data Protection Act (PDPA), which came into effect on June 1, according to Digital Economy and Society Minister Chaiwut Thanakamanusorn.
He said this means businesses are aware of the law and took efforts to avoid violating it.
Mr Chaiwut said the goal is to roll out 30 subordinate laws of the PDPA by the end of this year to improve the personal data protection ecosystem and provide standards with which enterprises need to comply.
He said the ministry acknowledged the implementation of the PDPA has reduced most incoming calls offering products and services, which was a previous source of consumer complaints.
"We have yet to see critical complaints in relation to enforcement of the PDPA," said Mr Chaiwut.
He said complaints on social media regarding data misuse have also declined.
Mr Chaiwut was speaking yesterday on the sidelines of a seminar on PDPA implementation, organised by the Thai Journalists Association.
He said the PDPA is one of 12 digital-related laws the government is pushing as part of its roadmap for the country's digital economy transformation.
The government also wants to ease the PDPA compliance burden shouldered by small and medium-sized enterprises (SMEs) and community enterprises, while ensuring the law benefits the public, said Mr Chaiwut.
SMEs and community enterprises are exempted from compliance with the PDPA rules on the recording of processing activities.
SMEs are organisations with an annual income of less than 100 million baht and no more than 50 employees.
Community enterprises have an annual income of less than 50 million baht and no more than 30 employees.
Section 4 of the PDPA states the law does not apply to the use of personal data for the household activity of a person, for mass media activities, or for state security purposes.
He said punishment for violation of the law will be waived for six months during a transitional period.
All companies and their employees must acknowledge the enforcement of the PDPA in regard to rules and procedures required, especially those who deal with personal data access.
Enterprises must strictly comply with the rule of privacy for data owners, said Mr Chaiwut.
"Everyone must be aware of the requirements, but they should not panic," he said.
Thienchai Na Nakorn, chairman of the Personal Data Protection Committee (PDPC), said the committee plans to roll out around 30 subordinate laws by the end of this year as a complement to the PDPA enforcement.
The PDPC has approved four subordinate regulations, which are expected to be published in the Royal Gazette later this month.
One is aimed at exempting SMEs from compliance with the PDPA's practices on the recording of processing activities, and another is intended to relax enforcement of punishment.
The other two concern methods of making and recording processing activities involving personal data and security measures for personal data protection.
Mr Thienchai said the PDPA may need amending in the future to make it more practical for enforcement.
