Thailand’s Personal Data Protection Act (PDPA) will come into full force in 2021. Sharing many similarities with the General Data Protection Regulations (GDPR), the PDPA could similarly severely affect private and public organisations that have to deal with personal data and its privacy in the same way that the GDPR has. While existing literature on the GDPR provides some initial information about how organisations could apply the GPDR implementation methods to the PDPA implementation process, little is known about what organisations are doing to comply with the PDPA. This research aims to bridge this gap. The objective of this research is 1) to gain an in-depth understanding of how large public and private organisations in Thailand are implementing the PDPA; 2) to determine the necessary steps that organisations must take to meet compliance; 3) to identify the challenges faced by large organisations in seeking to comply with the GDPR.