Brunei Personal Data Protection Order 2022 (PDPO)
The Personal Data Protection Order (PDPO) 2022, issued under the Emergency (Prohibition of Certain Acts) Order, establishes a comprehensive data protection framework for Brunei Darussalam. The Authority for Info-communications Technology Industry (AITI) is designated as the data protection authority responsible for enforcement and compliance. The PDPO aligns with the APEC Privacy Framework, setting out obligations for data controllers, rights for data subjects, and enforcement mechanisms.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
Brunei PDPO Part 1-2: Preliminary and Administration
| Code | Title |
|---|---|
| BN-PDPO-s2 | Interpretation |
| BN-PDPO-s3 | Application of Order |
| BN-PDPO-s4 | Administration of the Order (the Authority) |
| BN-PDPO-s5 | Functions and duties of the Authority |
Brunei PDPO Part 10-12: Offences, Enforcement and Remedies
| Code | Title |
|---|---|
| BN-PDPO-s31 | Unauthorised disclosure of personal data |
| BN-PDPO-s32 | Improper use of personal data |
| BN-PDPO-s33 | Unauthorised re-identification of anonymised information |
| BN-PDPO-s36 | Directions for non-compliance |
| BN-PDPO-s37 | Financial penalties |
| BN-PDPO-s42 | Appeal from direction or decision of the Authority |
| BN-PDPO-s59 | Right of private action |
Brunei PDPO Part 3: Accountability
| Code | Title |
|---|---|
| BN-PDPO-s7 | Responsibilities of organisation (accountability) |
Brunei PDPO Part 4: Consent
| Code | Title |
|---|---|
| BN-PDPO-s10 | Valid consent |
| BN-PDPO-s11 | Deemed consent |
| BN-PDPO-s13 | Withdrawal of consent |
| BN-PDPO-s14 | Collection, use and disclosure without consent |
| BN-PDPO-s8 | Consent required |
| BN-PDPO-s9 | Consent for direct marketing messages |
Brunei PDPO Part 5-6: Purpose, Notification, Access and Correction
| Code | Title |
|---|---|
| BN-PDPO-s15 | Limitation of purpose and extent |
| BN-PDPO-s17 | Notification of purpose |
| BN-PDPO-s18 | Access to personal data |
| BN-PDPO-s19 | Correction of personal data |
| BN-PDPO-s20 | Exercise of rights on behalf of an individual |
Brunei PDPO Part 7: Care of Personal Data
| Code | Title |
|---|---|
| BN-PDPO-s21 | Accuracy of personal data |
| BN-PDPO-s22 | Protection of personal data |
| BN-PDPO-s23 | Retention of personal data |
| BN-PDPO-s24 | Transfer of personal data outside Brunei Darussalam |
Brunei PDPO Part 8-9: Data Breach Notification and Public Agency Processors
| Code | Title |
|---|---|
| BN-PDPO-s26 | Notifiable data breaches |
| BN-PDPO-s27 | Duty to conduct assessment of a data breach |
| BN-PDPO-s28 | Duty to notify a notifiable data breach |
| BN-PDPO-s29 | Obligations of a data processor of a public agency |
Maps to 2 other frameworks
Frequently Asked Questions
What is Brunei Personal Data Protection Order 2022 (PDPO)?
Brunei Personal Data Protection Order 2022 (PDPO) is a compliance framework from Brunei Darussalam with 7 domains and 31 controls. The Personal Data Protection Order (PDPO) 2022, issued under the Emergency (Prohibition of Certain Acts) Order, establishes a comprehensive data protection framework for Brunei Darussalam. The Authority for Info-communications Technology Industry (AITI) is designated as the data protection authority responsible for enforcement and compliance. The PDPO aligns with the APEC Privacy Framework, setting out obligations for data controllers, rights for data subjects, and enforcement mechanisms. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Brunei Personal Data Protection Order 2022 (PDPO) have?
Brunei Personal Data Protection Order 2022 (PDPO) has 31 controls organised across 7 domains. The largest domains are Brunei PDPO Part 10-12: Offences, Enforcement and Remedies (7 controls), Brunei PDPO Part 4: Consent (6 controls), Brunei PDPO Part 5-6: Purpose, Notification, Access and Correction (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Brunei Personal Data Protection Order 2022 (PDPO) map to?
Brunei Personal Data Protection Order 2022 (PDPO) maps to 2 other compliance frameworks. The top mapping partners are GDPR (16% coverage), PDPA Singapore (13% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with Brunei Personal Data Protection Order 2022 (PDPO) compliance?
Start your Brunei Personal Data Protection Order 2022 (PDPO) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Brunei Personal Data Protection Order 2022 (PDPO) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 31 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required