You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

Search
Close this search box.

Go Back

Gvavalin Mahakunkitchareon

Senior Associate

Biography

Gvavalin Mahakunkitchareon is a senior associate in Tilleke & Gibbins’ corporate and commercial group in Bangkok. She provides assistance and advice to both international and local clients on a wide range of corporate and commercial matters, including corporate services, company formation, data protection, foreign investment (particularly in obtaining foreign business licenses), technology and media, and e-commerce transactions. The depth of her business and legal knowledge and the international scope of her experience make her a much sought-after advisor for clients in a wide range of industries.

Gvavalin graduated from the University of Tasmania (Australia) with an LLB and a Graduate Diploma in Legal Practice. She also holds an MBA from Assumption University in Bangkok. She is admitted to the Supreme Court of Tasmania as a legal practitioner. She is also a member of the Lawyers Council of Thailand, a qualified notarial services attorney, and a Certified Information Privacy Professional/Europe (CIPP/E) recognized by the International Association of Privacy Professionals.

Experience

  • Provided advice to clients in various industries on data privacy and data protection law, including by conducting data mapping exercises, gap analyses, and personal data protection law training sessions.
  • Assisted a leading online travel agency to provide comprehensive advice on data privacy and protection as it relates to their local business operations in Thailand and their relationships with approximately 12,000 partners in Thailand.
  • Prepared a comprehensive handbook for a major tech company on compliance with Thai laws regulating data protection, cybersecurity, fintech, and various other key topics.
  • Drafted and reviewed numerous privacy policies, privacy notices, and terms and conditions for clients across various industries, including luxury goods, automotive, banking and finance, e-commerce, energy, insurance, healthcare, technology, and telecommunication.
  • Advised and assisted international clients in establishing companies in Thailand and provided advice on the setup of subsidiaries, representative offices, and branch offices.
  • Assisted an international logistics company on a complex M&A transaction.
  • Assisted clients in drafting and reviewing a wide range of commercial contracts.
ABOUT Gvavalin

Industries

Aviation

Fintech

Technology

Practices

Banking and Finance

Capital Markets

Corporate/M&A

Employment

Location

Languages

    Thai

    English

Education

    MBA, Assumption University

    GDip (Legal Practice), University of Tasmania

    LLB, University of Tasmania

Insights

August 26, 2024
On August 13, 2024, Thailand’s Personal Data Protection Committee (PDPC) published a notification on the Criteria for Personal Data Deletion, Destruction, and De-identification in the Government Gazette, taking effect on November 11, 2024. Most of the content remains unchanged from the June 2024 draft of the legislation that was released for public comment. Only minor amendments have been made, as outlined below: Data controllers must respond to data subjects’ requests to delete, destroy, or de-identify personal data, including any copies or backups, without delay and within 90 days of receiving the request. This timeframe has been extended from the previous draft, which allowed only 60 days. In deleting, destroying, or de-identifying personal data, the data controller must ensure that no one is able to recover or reverse personal data to enable the direct or indirect identification of the data subject by any means that could reasonably be expected. If the data controller cannot fulfill the request within the 90-day period, it must take measures to ensure that the personal data is made difficult to collect, use, or disclose until the personal data can be deleted, destroyed, or de-identified according to the notification. In such cases, appropriate organizational, technical, and physical measures must be implemented to protect the data, meeting the criteria set forth by the notification. One newly added provision allows data controllers to delete, destroy, or de-identify a data subject’s personal data using a different method than the one requested by the data subject, provided they inform the data subject of the alternative method. However, this is not allowed when the data subject exercises this right on the grounds that the personal data has been unlawfully collected, used or processed, and there are no grounds to reject the request. In relation to the de-identification or anonymization of personal
Read More
August 22, 2024
The Personal Data Protection Committee (PDPC) of Thailand’s Ministry of Digital Economy and Society (MDES) has announced the first administrative fine under the Personal Data Protection Act B.E. 2562 (2019) (PDPA). A major private company was fined THB 7 million for noncompliance with specific PDPA requirements, resulting in the unauthorized disclosure of personal data to a call center gang (phone scam fraudsters). Key Findings of Noncompliance The PDPC determined that there were three key violations of specific requirements of the PDPA: Failure to appoint a data protection officer (DPO): Despite processing personal data for over 100,000 individuals as part of its core operations, the company did not appoint a DPO. Inadequate security measures: The company lacked the required security measures, leading to a data breach involving a call center gang, causing widespread damage. Delayed data breach notification: The company did not notify authorities of the data breach within the required timeframe and failed to address the breach promptly, making it impossible to remedy the situation. In addition to the monetary fine, the PDPC, along with the PDPA’s Expert Committee, issued a corrective order requiring the company to undertake the following actions and notify the Office of the PDPC of the relevant correction measures within seven days of receiving the order: Implement up-to-date security measures: The company must improve its current security measures to prevent future breaches and ensure that the security measures are up-to-date with changing technologies. Raise awareness of personnel: The company must provide training to relevant personnel to ensure awareness of data compliance and protection practices. This significant administrative action establishes a precedent for addressing data breaches in both governmental and commercial sectors in Thailand. It also confirms the importance of PDPA compliance, particularly the need for robust security measures, timely breach notifications, and the appointment of
Read More
July 10, 2024
The need for privacy and security has grown in tandem with the rapid proliferation of internet-enabled technologies. This is a major concern for consumers and individuals, and governments are increasingly mindful of online threats to their national security and their citizens. All of this represents an imposing challenge for companies—especially now that technology has enabled them to operate with relative ease across jurisdictions throughout the world.
Read More
June 24, 2024
In March 2024, a Thai court of first instance handed down a decision in a personal data protection case against an insurance company in Thailand. The landmark ruling has important implications for the disclosure of special categories of personal data. The case concerned an individual, acting as the plaintiff, who filed a claim against an insurance company, as a data controller, and its representatives, for collecting, using, and disclosing the results of the plaintiff’s blood alcohol level test, along with a photo of the plaintiff taking the test, without explicit consent, resulting in his insurance claim being rejected. The company also disclosed the data to the insured party, who is the plaintiff’s family member, causing the plaintiff to suffer reputational damage, discrimination, humiliation, and ill treatment. Since results of a blood alcohol level test are considered a special category of personal data pursuant to section 26 of the Personal Data Protection Act B.E. 2562 (2019) (PDPA), the plaintiff filed the claim with the criminal court, requesting that the criminal penalties under the PDPA and the Penal Code be imposed on the defendants, and that the defendants delete or destroy the plaintiff’s personal data. The insurance company argued that it had disclosed the test results and the photograph to the plaintiff’s family member—as the insured under the insurance agreement—for the purpose of informing the insured of the rejection of the insurance claim. Considering these facts and reasons, the criminal court ruled that the processing of this special category of personal data was necessary for the defense of the insurance company’s legal claims pursuant to section 26(4) of the PDPA, and therefore, explicit consent was not required. As a result, the criminal court dismissed the case. Key Takeaways While this case was dismissed, it indicates that explicit consent is not the
Read More

Awards & Rankings

September 30, 2024
Tilleke & Gibbins has once again been recognized in the 2024 Asian Legal Business M&A rankings, retaining its Tier 2 position for both Thailand and Vietnam. This marks the 11th consecutive year that the firm has been acknowledged in the publication, reflecting its sustained strength in the M&A market across the region. The magazine’s M&A rankings evaluate firms based on several key metrics, including the volume, complexity, and size of transactions handled, as well as the firm’s presence across Asia. The rankings also take into account key personnel hires and the overall growth of each practice group. The evaluation period for the 2024 edition spanned from August 2023 to July 2024. Tilleke & Gibbins’ representation in the Thailand and Vietnam rankings reflects the firm’s reputation for consistently strong support of corporate transactions across Southeast Asia. Asian Legal Business, owned by Thomson Reuters, is a leading source of information for legal professionals active in the region. To learn more about the M&A rankings, and to browse the full rankings, please see the Asian Legal Business website.
Read More
September 13, 2024
The 2024 edition of the IFLR1000 Asia-Pacific rankings, released by International Financial Law Review (IFLR), highlights Tilleke & Gibbins’ continued excellence in financial and corporate transactional work. The firm has retained its strong rankings across multiple jurisdictions and practice areas, reaffirming its position as a leading firm in the Asia-Pacific region. This year, Tilleke & Gibbins received firmwide rankings in key jurisdictions, including: Thailand Banking & Finance – Tier 3 Capital Markets: Debt – Tier 3 Capital Markets: Equity – Tier 3 M&A – Tier 2 Project Development – Tier 2 Restructuring & Insolvency – Tier 3 Vietnam Banking & Finance – Other Notable M&A – Tier 3 Project Development – Tier 3 Cambodia Financial & Corporate – Tier 2 Project Development – Tier 2 Laos Financial & Corporate – Tier 2 In addition to these firmwide rankings, Tilleke & Gibbins had several standout individual recognitions, with 10 lawyers honored in the 2024 individual rankings, including new entries for John Frangos, Niti Muangkote, Santhapat Periera, and Tram Ngoc Bich Nguyen. The full list is as follows: Charunun Sathitsuksomboon – Highly Regarded, M&A, Thailand Charuwan Charoonchitsathian – Rising Star, M&A, Thailand David Mol – Rising Star, Corporate and M&A, Cambodia Jay Cohen – Highly Regarded, Banking, Cambodia John Frangos – Notable Practitioner, Restructuring & Insolvency, Thailand (new ranking) Niti Muangkote – Rising Star, Financial & Corporate, Laos; Highly Regarded, Banking & Finance, Thailand (new ranking) Saithong Rattana – Notable Practitioner, Project Development and M&A, Laos Santhapat Periera – Highly Regarded, Banking, M&A, Laos; Highly Regarded, Banking & Finance, Thailand (new ranking) Supasit Boonsanong – Highly Regarded, Project Development, Thailand Tram Ngoc Bich Nguyen – Highly Regarded, M&A, Vietnam (new ranking) To see the full set of IFLR1000 rankings for Tilleke & Gibbins’ jurisdictions, please see the Cambodia, Laos, Thailand, and
Read More
September 12, 2024
Tilleke & Gibbins has once again secured impressive rankings in the recently released Asialaw 2024 rankings. The firm has maintained its position as a top legal service provider across multiple jurisdictions, earning a total of 39 rankings in practice and industry groups, 19 of which are in the highest tiers. The firm’s performance continues to reflect its exceptional client service and legal expertise across Southeast Asia. Tilleke & Gibbins is recognized in all available categories for Cambodia, Laos, and Thailand, demonstrating the firm’s strong presence across the region. In the individual rankings, 22 of the firm’s practitioners have been recognized, including three notable promotions and three new entries: Charunun Sathitsuksomboon (Thailand), newly ranked as a Notable Practitioner for Corporate and M&A. Linh Thi Mai Nguyen (Vietnam), promoted to Distinguished Practitioner for Intellectual Property. Loc Xuan Le (Vietnam), promoted to Elite Practitioner for Intellectual Property. Niti Muangkote (Laos), a new entry as a Rising Star for Banking and Finance. Prisna Sungwanna (Laos), newly ranked as a Distinguished Practitioner for Corporate and M&A and Banking & Finance. Suebsiri Taweepon (Thailand), promoted to Distinguished Practitioner for Intellectual Property and Technology and Telecommunications. Client feedback remains a key component of the Asialaw rankings, with Tilleke & Gibbins earning high praise for its responsiveness and commercial awareness. The firm’s sector-specific knowledge also continues to stand out, with clients expressing their appreciation of the firm’s understanding of their businesses’ operational contexts. For more details and to browse the full rankings, please visit the Asialaw website.
Read More
July 19, 2024
Tilleke & Gibbins has been shortlisted for six awards at the Asialaw Awards 2024. The nominations highlight the firm’s outstanding performance and leadership in Southeast Asia’s legal landscape. The firm has received the following nominations: Regional Corporate/M&A Firm of the Year Cambodia Firm of the Year Laos Firm of the Year Thailand Firm of the Year In addition to the firm nominations, two individuals from Tilleke & Gibbins have been recognized for their exceptional contributions: Prisna Sungwanna – Laos Female Lawyer of the Year Charunun Sathitsuksomboon – Thailand Female Lawyer of the Year The Asialaw Awards celebrate the leading law firms and legal professionals across the region, recognizing excellence in practice and service. The winners will be announced at a ceremony in Kuala Lumpur, Malaysia, on September 26. For more information on the Asialaw Awards 2024 and to browse a full list of the winners, please visit the Asialaw website.
Read More

Other Professionals

See All Professionals

Contact

We have seven offices in six countries
across Southeast Asia.

Contact Us

Careers

We are always seeking great people to grow
our amazing team.

Join Us

Networks

© 2024 Tilleke & Gibbins International Ltd. All rights reserved.

© 2020 Tilleke & Gibbins International Ltd. All rights reserved.

Privacy Policy

| Fraudulent Communications

| Legal Notice