SecurePrivacy Logo

Brunei Personal Data Protection Order

View Law Text
Maximum Fine
BND 40,000
Scope
National
Regulator
AITI
Enacted
2016

Need Help with Brunei Personal Data Protection Order Compliance?

Get expert guidance on implementing Brunei's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Personal Data Protection Order establishes comprehensive requirements for the protection of personal data in Brunei, enforced by the Authority for Info-communications Technology Industry.

Key Facts

  • Enacted in 2016
  • Enforced by AITI
  • Applies to all organizations processing personal data in Brunei

Key Principles

Lawful Processing

Personal data must be processed lawfully and with proper authorization.

Requirements

  • Obtain valid consent
  • Identify legal basis
  • Document processing grounds
  • Regular compliance reviews
  • Maintain processing records

Examples

  • Consent mechanisms
  • Legal basis documentation
  • Processing records
  • Compliance reports

Purpose Limitation

Data must be collected for specified and legitimate purposes.

Requirements

  • Define clear purposes
  • Document purposes
  • Limit processing scope
  • Regular reviews
  • Update as needed

Examples

  • Purpose statements
  • Processing records
  • Review documentation
  • Update logs

Data Security

Implementation of appropriate security measures to protect personal data.

Requirements

  • Implement security controls
  • Regular risk assessments
  • Staff training
  • Incident response plans
  • Security monitoring

Examples

  • Security policies
  • Training programs
  • Incident procedures
  • Monitoring systems

Compliance Requirements

Registration Requirements

Organizations must register their data processing activities with the Authority.

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Pay registration fees
  • Maintain registration status
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Processing records
  • Payment receipts
  • Status updates
  • Change notifications

International Transfer Requirements

Requirements for transferring personal data outside Brunei.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain necessary approvals
  • Document transfers
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Approval records
  • Transfer logs
  • Monitoring reports

Security Requirements

Implementation of appropriate technical and organizational security measures.

Implementation Steps

  • Conduct risk assessments
  • Implement security controls
  • Train staff
  • Regular security audits
  • Incident response planning

Required Documentation

  • Security policies
  • Risk assessments
  • Training records
  • Audit reports
  • Response plans

Enforcement & Penalties

Administrative Penalties

The Authority can impose administrative penalties for violations of the Personal Data Protection Order.

Penalty Categories

Severe Violations
Up to BND 40,000
For serious breaches of data protection requirements
Processing Violations
Up to BND 20,000
For unauthorized processing of personal data
Documentation Violations
Up to BND 10,000
For failure to maintain required documentation

Example Cases

Financial Services Company
BND 35,000
2023 - Unauthorized data sharing with third parties
Healthcare Provider
BND 25,000
2022 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to BND 40,000 and imprisonment
For deliberate violations of the law
False Statements
Up to BND 20,000
For providing false information to authorities
Repeat Offenses
Up to BND 80,000
For subsequent violations

Example Cases

Data Theft Case
BND 30,000
2023 - Intentional misuse of personal data
False Documentation
BND 15,000
2022 - Providing false information during investigation