Overview of PDPO
Organisations
The PDPO sets out obligations of private sector organisations in the collection, use and disclosure of personal data.
Data Controllers refer to organisations which controls the purposes for which personal data is processed
Data Controllers will have 9 Obligations under the Personal Data Protection Order
Appointment of Data Protection Officer (“DPO”) to oversee compliances with new legislation. Organisations to implement PDP policies and communicate them to all staff
Organisations processed personal data that are relevant for the purpose(s) specified, and only for reasonable purposes.
Organisations informs individual the purposes for the collection, use or disclosure of personal data, on or before collecting the personal data.
Organisations to ensure that personal data collected is accurate and complete.
Organisations reasonably secure and protect all personal data in their possession or under their control from unauthorised access and processing; and the loss of any storage device containing the personal data.
Organisations to stop retaining personal data information, as soon as it is assume that the personal data no longer serves the purpose for which it was collected, or any other legal or business purpose.
Organisations to not transfer personal data to a country or territory outside Brunei Darussalam unless there is a similar or better data protection law available. An alternative is to have contracts with specific instruction on data protection across borders.
Obtaining individual's consent prior to processing of personal data, unless authorised by law or an exception under the new legislation applies. Consent is validly obtained and expressly given or deemed to have been given
Organisations to notify the affected individuals if a data breach results in, or is likely to result in, significant harm to them; or is likely to be, of a significant scale.
Data Processor refer to organisations which processes personal data on behalf of another organsiation or public agency. Data processors which process personal data on behalf of another organsiation pursuant to a contract in writing are required to comply with fewer obligations under the PDPO.
Data Processors will have 4 Obligations under the Personal Data Protection Order
Organisations reasonably secure and protect all personal data in their possession or under their control from unauthorised access and processing; and the loss of any storage device containing the personal data.
Organisations to stop retaining personal data information, as soon as it is assume that the personal data no longer serves the purpose for which it was collected, or any other legal or business purpose.
Organisations to notify the affected individuals if a data breach results in, or is likely to result in, significant harm to them; or is likely to be, of a significant scale.
Organisations to not transfer personal data to a country or territory outside Brunei Darussalam unless there is a similar or better data protection law available. An alternative is to have contracts with specific instruction on data protection across borders.
We use cookies
This website or its third-party tools process personal data (e.g. browsing data or IP addresses) and use cookies or other identifiers, which are necessary for its functioning and required to achieve the purposes outlined in the privacy policy and terms of use.
You accept the use of cookies or other identifiers by closing or dismissing this notice, by clicking a link or button or by continuing to browse otherwise.
