Photo, Kritiyanee Buranatrevedhya

Kritiyanee Buranatrevedhya

Baker & McKenzie Limited Attorneys at Law


Kritiyanee joined Baker McKenzie in 2013 and is a partner in the Intellectual Property and Technology practice. She has experience in data protection, cyber security, and complex technology matters.

Drafted the legal article “the Future is Now and Its Challenges Present: How to determine IP ownership and plan for regulatory compliance in the era of Artificial Intelligence (AI) and the Internet of Things (IoT) symbiosis” published in the Intellectual Property and International Trade Court Law Journal.

Drafted the legal article “Ready or not, Here It Comes - Blockchain and Its Legal Implications” published in the Intellectual Property and International Trade Court Law Journal: Special 20th Anniversary Issue.

Practice Focus

Kritiyanee focuses on data privacy and protection, data analytics, electronic transactions, cloud computing, blockchain, computer crime, and cybersecurity.

She is a Certified Information Privacy Professional/Europe (CIPP/E). She has counseled both international and local companies on the European Union’s General Data Protection Regulation (GDPR), in particular by advising on the differences between the GDPR and Thailand's Personal Data Protection Act (PDPA).

Her previous work included Data Protection and Cyber Security, Technology transactions and ITC regulatory advice, which spanned across various business sectors, including technology, financial services, automotive, insurance, airline, consumer goods & retail, food and beverage, hospitality, and healthcare.

Representative Legal Matters

  • Advised local companies regarding their obligations under the General Data Protection Regulation (GDPR) as their business operations subjected them to liability and comparison with Thai PDPA.
  • Conducted data mapping, identifying gaps from the data mapping results, analysing and providing recommendations on how to close the identified gaps, preparing required legal documents, and strategizing implementation plans.
  • Advised various data protection advisory work including: (1) company and government surveillance & interception; (2) the exploitation of personal data in CRM project; (3) data breach requirements, revising breach notification reports, and how to handle breach reports for the public with care; (4) criminal background checks of employees; (5) internal investigation of employee misconduct; (6) email review and retention; (7) CCTV surveillance; (8) implementation of facial recognition software; (9) the use of sensitive data; (10) whistle-blower hotlines/channels; and (11) the use of personal data for AI training for both global and local clients in a variety of industries.
  • Prepared and revised Privacy Policies, Consent Forms, Parental Consent Forms, Data Transfer Agreements, Data Processing Agreements, Intra-Group Transfer Agreements, Terms and Conditions, Mobile User Agreements, Data Governance Manuals, Data Breach Response Procedures, HR Data Protection Guidelines, IT Policy Handbooks, IT Monitoring Policies, CCTV notice and warning signs, Data Retention Policies, Direct Marketing Policies, Data Subject Rights Policies/Procedures, and Record of Processing Activities.
  • Advised and revised agreements for blockchain-based platform operators handling Thailand's National Digital ID Project.
  • Provided legal advice regarding security and data privacy for e-commerce businesses; business expansion for cloud service providers; mobile applications; websites; streaming services; social networking sites; digital content; and online contests,
  • Involved in an IT outsourcing project to streamline support activities for the client's operating entity in Thailand through a service hub overseas, allowing the client’s local office to focus on developing its core business and increase sales.
  • Guided a digital transaction platform and various other technology companies by providing advice regarding the validity and enforceability of e-signatures, e-transactions, the use of trusted Certificate Authorities and preferences on transforming their traditional operations/services to be electronic based.
  • Advised clients with the inception of an e-map service using GPS as a mobile application.
  • Provided legal advice in the areas of consumer protection, product liability, product recall, e-contest, internet sweepstakes, advertising, labelling, online activities targeting minors, intermediary liability of internet service providers, hosting immunity, safe harbour, spam mail, email marketing, sms and push notifications, and cold call marketing.

Professional Honors

  • Honorable Mentions and Ranked by The Legal 500 AP, 2019-2020 as a key lawyer in data privacy area.
  • Named as a Rising Star by Managing IP in their Rising Stars Awards Asia-Pacific 2021

Professional Associations and Memberships

  • Member, International Association of Privacy Professionals (IAPP)
  • Member, Internet Society (ISOC)
  • Tax Law Certificate, Central Tax Court, Bangkok, Thailand
  • Certified Information Privacy Professional / Europe (CIPP/E)
  • British Legal Technology Forum, London, United Kingdom, 2019
  • The EU's General Data Protection Regulation and Privacy Management Program organized by IAPP at the Institute for European Studies (IES), Vrije Universiteit Brussel (VUB), Brussels, Belgium, 2018
  • The EU's General Data Protection Regulation at the GDPR Summit London, London, 2018
  • Cybersecurity conference (referred to as Cyber Week) at Tel Aviv University, Tel Aviv, Israel, 2017
  • Singapore FinTech Festival in Singapore, 2016-2017
  • Granted a full scholarship to attend Asia-Pacific Internet Governance Academy in University in Seoul, Korea. The Academy is hosted by the Korea Internet & Security Agency (KISA) and the Internet Corporation for Assigned Names and Numbers (ICANN), 2016
  • JPAA IP Practitioners Seminar organized by the Japan Patent Attorneys Association, 2013


  • Thailand (2012)


  • The London School of Economics and Political Science (LL.M., with merit) (2011)
  • Chulalongkorn University (LL.B., 1st class honors) (2008)


  • English
  • Thai

Kritiyanee is a highly coveted speaker, trainer, panelist, and lecturer for a variety of clients and institutions on numerous topics including data protection, PDPA, GDPR, computer crime, digital content, AI, netiquette, and Blockchain. The hosts have included the following:

  • Government entities and regulators: the Electronic Transactions Development Agency (ETDA), Bank of Thailand (BOT), the Office of Insurance Commission (OIC).
  • Industry-specific associations: Pharmaceutical Research and Manufacturers Association (PReMA), the Association of Securities Companies (ASCO), Association of Investment Management Companies (AIMC), and Thai Bankers' Association (TBA).
  • Renowned universities: Chulalongkorn University, Thammasat University, and Chiang Mai University.
  • Various other client and non-client seminars and forums: ASEAN Business Advisory Council (ASEAN BAC), BOT Bangkok FinTech Fair, HSBC, Pandora, Chevron, PTT Group, Takeda, Pruksa, AIA, Krungthai-AXA, SCB Abacus, CIMB, Kiatnakin Bank, Kbank, Abbott, Standard Chartered, Bangkok Bank, Government Savings Bank, EXIM Bank, UBM Asia, Shiseido, Siam Cement Group, Dupont, Seiko, Dharmniti among many others.

In addition to her speaking engagements, Kritiyanee has also written or co-authored articles and provided comments on PDPA, the GDPR impact on Thai companies, Artificial Intelligence (AI), the Internet of Things (IoT), 3D Printing Technology, digital economy related laws, and Blockchain to various news reporters, journalists, and publishers such as Bloomberg BNA, Thomson Reuters, DataGuidance, China Daily, the International Bar Association (IBA), Global Data Review, the American Chamber of Commerce in Thailand (AMCHAM) Journal, the Australian-Thai Chamber of Commerce (AustCham) Journal, German-Thai Chamber of Commerce (GTCC) Journal, Thailand’s Intellectual Property and International Trade Court Law Journal, the Bangkok Post, the Nation and Krungthep Turakij.