Thailand’s National Legislative Assembly has approved and endorsed the draft Personal Data Protection Act, which will now be submitted for royal endorsement and publication in the Government Gazette. The PDPA provides for a one-year grace period to allow sufficient time for business operators to prepare and implement internal controls and systems for PDPA compliance. The PDPA largely follows and replicates the provisions of the EU General Data Protection Regulation.