Data Protection in Brunei

Transfer in Brunei

At present not a regulated activity.

It is anticipated that under the PDPO, an organization shall not transfer personal data to a country outside Brunei Darussalam except in accordance with requirements prescribed under the PDPO to ensure that the transferred personal data will be accorded a standard of protection that is comparable to that under the PDPO. It is not anticipated that such requirement prescribed by the PDPO will be as stringent and prescriptive as in other jurisdiction, for example the EU, and it is anticipated that the PDPO will place the onus on organizations to ensure that appropriate measures are taken to protect personal data transferred out of Brunei Darussalam through the imposition of contractual obligations or otherwise.

AITI recommends the adoption of the ASEAN Model Contractual Clauses for Cross Border Data Flows (MCCs) which are templates for contractual terms and conditions which may be included in legal agreements between businesses to ensure personal data is protected when engaging in cross border data transfers between ASEAN Member States. But it remains to be seen if the adoption of the MCCs will be popular as it is envisaged that a fair amount of modification will have to be made to the MCCs so as to be compatible with the purposes of any particular cross-border transaction between organisations.

Continue reading

  • no results

Previous topic
Back to top