Brunei Personal Data Protection Order
Overview
The Personal Data Protection Order establishes comprehensive requirements for the protection of personal data in Brunei and is enforced by the Authority for Info-communications Technology Industry (AITI).
Key Facts
- Enacted in 2016
- Enforced by AITI
- Applies to all organizations processing personal data in Brunei
Key Principles
Lawful Processing
Personal data must be processed lawfully and with proper authorization.
Requirements
- Obtain valid consent
- Identify legal basis
- Document processing grounds
- Regular compliance reviews
- Maintain processing records
Examples
- Consent mechanisms
- Legal basis documentation
- Processing records
- Compliance reports
Purpose Limitation
Data must be collected for specified and legitimate purposes.
Requirements
- Define clear purposes
- Document purposes
- Limit processing scope
- Regular reviews
- Update as needed
Examples
- Purpose statements
- Processing records
- Review documentation
- Update logs
Data Security
Implementation of appropriate security measures to protect personal data.
Requirements
- Implement security controls
- Regular risk assessments
- Staff training
- Incident response plans
- Security monitoring
Examples
- Security policies
- Training programs
- Incident procedures
- Monitoring systems
Compliance Requirements
Registration Requirements
Organizations must register their data processing activities with the Authority.
Implementation Steps
- Submit registration application
- Document processing activities
- Pay registration fees
- Maintain registration status
- Update when changes occur
Required Documentation
- Registration certificates
- Processing records
- Payment receipts
- Status updates
- Change notifications
International Transfer Requirements
Requirements for transferring personal data outside Brunei.
Implementation Steps
- Assess recipient country adequacy
- Implement transfer safeguards
- Obtain necessary approvals
- Document transfers
- Monitor compliance
Required Documentation
- Transfer assessments
- Safeguard documentation
- Approval records
- Transfer logs
- Monitoring reports
Security Requirements
Implementation of appropriate technical and organizational security measures.
Implementation Steps
- Conduct risk assessments
- Implement security controls
- Train staff
- Regular security audits
- Incident response planning
Required Documentation
- Security policies
- Risk assessments
- Training records
- Audit reports
- Response plans
Enforcement & Penalties
Administrative Penalties
The Authority can impose administrative penalties for violations of the Personal Data Protection Order.
Penalty Categories
Example Cases
Criminal Penalties
Serious violations may result in criminal prosecution.