SecurePrivacy Logo

Cambodia Personal Data Protection Law

View Law Text
Maximum Fine
2% of revenue
Scope
National
Regulator
DPA
Status
Pending

Need Help with Cambodia Personal Data Protection Law Compliance?

Get expert guidance on implementing Cambodia's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

Cambodia's Personal Data Protection Law establishes comprehensive requirements for the processing of personal data, introducing modern data protection standards and enforcement mechanisms.

Key Facts

  • Expected to be enacted in 2024
  • Enforced by Data Protection Authority
  • Includes data localization requirements

Key Principles

Lawfulness and Consent

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain consent records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Transparency

Data processing must be transparent to data subjects.

Requirements

  • Provide clear privacy notices
  • Inform of processing purposes
  • Disclose data sharing
  • Update privacy information
  • Document communications

Examples

  • Privacy notices
  • Processing notifications
  • Communication records
  • Information updates

Data Security

Implementation of appropriate security measures to protect personal data.

Requirements

  • Implement security controls
  • Regular risk assessments
  • Staff training
  • Incident response plans
  • Security monitoring

Examples

  • Security policies
  • Training programs
  • Incident procedures
  • Monitoring systems

Compliance Requirements

Registration Requirements

Organizations must register their data processing activities with the Data Protection Authority.

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Pay registration fees
  • Maintain registration status
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Processing records
  • Payment receipts
  • Status updates
  • Change notifications

Data Localization Requirements

Requirements for storing and processing personal data within Cambodia.

Implementation Steps

  • Assess data storage locations
  • Implement local storage solutions
  • Document data flows
  • Monitor compliance
  • Regular audits

Required Documentation

  • Storage location inventory
  • Data flow diagrams
  • Compliance reports
  • Audit logs
  • Review documentation

Enforcement & Penalties

Administrative Penalties

The Data Protection Authority can impose administrative penalties for violations of the law.

Penalty Categories

Severe Violations
Up to 2% of annual revenue
For serious breaches of data protection requirements
Processing Violations
Up to 1% of annual revenue
For unauthorized processing of personal data
Documentation Violations
Up to KHR 100M
For failure to maintain required documentation

Example Cases

E-commerce Platform
KHR 80M
2024 - Unauthorized data sharing with third parties
Financial Institution
1.5% of revenue
2024 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to 5 years imprisonment
For deliberate violations of the law
Data Theft
Up to 3 years imprisonment
For unauthorized access and theft of personal data
False Statements
Up to KHR 50M
For providing false information to authorities

Example Cases

Data Breach Case
Criminal charges
2024 - Intentional exposure of sensitive personal data
Compliance Violation
KHR 40M
2024 - Repeated non-compliance with authority orders