A new cybercrime law, which took effect on Sunday, will help manage cybercrime issues at their source by preventing personal data from being used in criminal activities, according to the Personal Data Protection Committee (PDPC).
PDPC secretary-general Pol Col Surapong Plengkham on Monday said that the Royal Decree on Measures for the Prevention and Suppression of Cybercrime BE 2568 (2025) has been published in the Royal Gazette.
One of its key components focuses on protecting personal data, both directly and indirectly, with harsh penalties for violators, including up to one year in prison and a fine of up to 100,000 baht for those who share data without permission.
Those involved in buying or selling such data will face up to five years’ imprisonment or a fine of 500,000 baht or both.
Pol Col Surapong said this decree is a crucial step to elevate and strengthen efforts to curb cybercrime at its source by preventing personal data from being exploited, particularly by online scammers and call centre gangs.
The law also covers data belonging to deceased individuals, he said. Those who use or allow others to use information about deceased individuals to commit criminal or technological crimes will also face legal punishment.
Pol Col Surapong said the new decree reinforces the existing Personal Data Protection Act (PDPA), which is designed to prevent the malicious use of personal data.
He urged the public to avoid sharing sensitive information and to notify authorities if they suspected their personal information had been compromised or misused.
The commission has also established the PDPC Eagle Eye centre, which works alongside the Cyber Police’s Cyber Eye Centre, to monitor personal data breaches around the clock and swiftly enforce the law, he said.