Last modified 11 February 2026

Data Protection in Myanmar

Breach notification in Myanmar

Download PDF

Download current country

Change countries

Change country

Law

Data protection laws in Myanmar

There is no general data protection law in Myanmar. Relevant laws on data protection and privacy can be found in various legislation, which include:

Financial Institutions Law (2016);
Telecommunications Law (2013);
Competition Law (2015);
Law Protecting the Privacy and Security of Citizens (2017);
Notification 116/97 of the Ministry of Finance and Revenue;
Law Relating to Private Health Care Services (2007);
Electronic Transactions Law (2004) and its 2021 amendment; and
Cybersecurity Law (2025)

Related resources

Definitions

Definitions in Myanmar

“Personal data” means any information relating to an identified or identifiable individual.

No definition of sensitive personal data is provided.

Related resources

Authority

National data protection authority in Myanmar

None.

Related resources

Registration

Registration in Myanmar

Not applicable.

Related resources

Data protection officers

Data protection officers in Myanmar

There is no definition for Data Protection Officers, but there is a definition for Personal Data Administrator. The Personal Data Administrator (“PDA”) means “a person and its staff authorized by a government department or an entity having power to conduct the collecting, storing and using of personal data according to the provision of this law or any existing law.” (Section 2(m) of Electronic Transactions Law as amended in 2021).

Related resources

Collection and processing

Collection and processing in Myanmar

By implication from relevant laws, collection and processing of personal data requires consent.

Related resources

Transfer of personal data

Transfer of personal data in Myanmar

By implication from relevant laws, transfer of personal data requires consent.

Related resources

Security

Security in Myanmar

By implication from relevant laws, personal data must be kept with reasonable security arrangements.

Related resources

Breach notification

Breach notification in Myanmar

There is no obligation under the Electronic Transactions Law. The Regulation on Mobile Financial Services (2016) requires that any indications of loss of confidential data of the Mobile Financial Services system shall be notified to the Central Bank of Myanmar in writing no later than two business days of the event. The Cybersecurity Law requires licensed cybersecurity service providers to promptly report any cybersecurity incident to the Information Technology and Cybersecurity Department.

Related resources

Enforcement

Enforcement in Myanmar

None so far as at February 11, 2026.

Related resources

Electronic marketing

Electronic marketing in Myanmar

There is no specific law. However, electronic marketing would generally be governed by the Competition Law (2015), the Consumer Protection Law (2019), E-Commerce Guidelines (2023) and Order for Online Sales Business Registration 2023.

Related resources

Online privacy

Online privacy in Myanmar

There is no specific law. However, the Law Protecting the Privacy and Security of Citizens (2017), Electronic Transactions Law (2004), Cybersecurity Law (2025), E-Commerce Guidelines (2023), Regulation on Mobile Financial Services (2016) and Order for Online Sales Business Registration 2023 deal with privacy of communications and personal data.