PDPC Office demands Foodpanda explain data protection plan for customers and partners

The Office of the Personal Data Protection Committee (PDPC Office) has requested that Foodpanda submit a detailed plan outlining how it intends to destroy the personal data of its customers and partners once it ceases operations next month.

Foodpanda, the Thai arm of German-owned delivery giant Delivery Hero, recently announced that it will shut down its operations in Thailand effective 23 May 2025, citing accumulated losses totalling 13 billion baht.

Compliance Required Under PDPA

Suraphong Plengkham, Secretary-General of the PDPC Office, stated that under the Personal Data Protection Act B.E. 2562 (PDPA), Foodpanda is obligated to prevent the leakage of personal data belonging to its customers, partner restaurants, and delivery riders.

The PDPC Office has asked Foodpanda to submit its data protection and destruction measures ahead of its closure to ensure full compliance with the law.

Obligation During Business Transition

Suraphong noted that the PDPC places great importance on data protection during transitions, such as mergers, closures, or relocation of operations abroad.

“We have asked Foodpanda to explain its compliance with Articles 37 and 40 of the PDPA B.E. 2562, particularly regarding procedures for retaining, deleting, or destroying personal data that is no longer required, as well as measures to prevent data leakage,” Suraphong said.

Potential Legal Action if Non-Compliant

He added that the PDPC Office would closely monitor Foodpanda’s implementation of these measures.

If Foodpanda fails to adequately protect personal data in accordance with the law, it will face legal consequences, he warned.