The Personal Data Protection Committee Office marked its 4th anniversary by revealing alarming data: within just the first four months of 2026, online crime victims in Thailand suffered damages amounting to 7.48 billion baht.
On 26 June, reporters noted that the Personal Data Protection Committee Office (PDPC), an agency under the Ministry of Digital Economy and Society, held its 4th anniversary event. Police Colonel Surapong Plengkam, Secretary-General of the PDPC, stated that the office aims to shift society's perception of the PDPA law from merely a legal obligation ora business costto becoming a foundational infrastructure of the digital economy that builds trust among the public, businesses, investors, and technology development in the country over the long term, under the 'Zero Data Leakage' strategy.
Trust is the core of the digital economy. If Thai people remain uncertain about how their data is used, progress cannot move forward. Today, the PDPC's role is not just a reactive law enforcer but a proactive helper to ensure all sectors use data properly and securely. The goal of zero data leakage may sound challenging, but it is the standard the PDPC aims to reach so that Thais can live online with confidence.
Reporters further noted that on the occasion of its 4th anniversary, the PDPC disclosed that its fourth year unfolds amid an unprecedentedly complex digital risk landscape, including misuse of artificial intelligence (AI), Deepfake technology, cyber threats, and fraudulent economic activities expanding into criminal networks causing widespread damage. Global data reveals AI and Deepfake-related fraud rose by 180% over the past year, with worldwide identity fraud losses exceeding 50 billion US dollars in 2025. Meanwhile, in Thailand, online crime losses in the first four months of 2026 amounted to 7.48 billion baht. These figures reflect that data leaks arethe root source fueling fraudulent schemesand reinforce the importance of the PDPA law and the PDPC's role in national digital security.
Police Colonel Surapong added that over the past four years, the PDPC has continuously driven three main missions: supervision, knowledge promotion, and raising awareness among the public, businesses, and agencies. The PDPC has transitioned from an educational role to proactive regulation and serious law enforcement. It has inspected readiness and provided recommendations to more than 590,000 agencies nationwide and begun issuing administrative fines totaling over 21.5 million baht to organizations neglecting data security measures, covering both public and private sectors under the same standards. Concurrently, the PDPC supports private sector and SME compliance without imposing burdensome costs by developing national-standard tools and platforms and preparing to announce a data protection certification mark to enhance Thai business credibility in international trade and investment.
For the second half of 2026, the PDPC plans to strengthen and elevate measures in multiple areas, including raising standards for data leakage response in line with international practices, establishing a framework for responsible AI governance with special attention to protecting vulnerable groups, especially youth, expanding regional access to PDPC services, and promoting systematic appointment of Data Protection Officers (DPOs) in all organizations to build a digital ecosystem where the public can confidently and safely use online services.