TheArtOfService
Back to Frameworks

Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)

Self-Assess
Cambodia
v2022
5 domains
20 controls

Cambodia's Sub‑Decree No. 134 on the Management of Personal Data in the Digital Sector, issued on 30 May 2022 under the Law on E‑Commerce (Law No. 6/2020) and effective from 1 January 2023, establishes the country's first comprehensive data‑protection framework. It sets out principles for personal data processing, consent requirements, data‑subject rights, obligations of data controllers and processors, cross‑border data transfer rules, and enforcement mechanisms. The decree maps to 11 privacy domains and 53 specific controls.

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (5)

Governance

6 controls
Controls in the Governance domain of Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)6 controls
CodeTitle
SD134-1Scope and Application
SD134-16Complaint Handling
SD134-18Training and Awareness
SD134-19MPTC Reporting
SD134-2Definitions of Personal Data
SD134-20Penalties and Enforcement

Incident Response

1 controls
Controls in the Incident Response domain of Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)1 controls
CodeTitle
SD134-17Incident Notification

Privacy

9 controls
Controls in the Privacy domain of Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)9 controls
CodeTitle
SD134-10Retention Limitation
SD134-12Third-Party Disclosure
SD134-13Cross-Border Transfer
SD134-15Subscriber Rights
SD134-3Lawful Collection
SD134-4Consent Requirements
SD134-5Purpose Limitation
SD134-6Data Minimisation
SD134-7Accuracy and Quality

Security

3 controls
Controls in the Security domain of Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)3 controls
CodeTitle
SD134-11Secure Disposal
SD134-8Security Safeguards
SD134-9Access Control

Third-Party

1 controls
Controls in the Third-Party domain of Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)1 controls
CodeTitle
SD134-14Processor Oversight

Your Compliance Coverage

If you comply with Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134), you already cover:

GDPR

55%

11 controls mapped

Compare →

ISO 27018:2019

10%

2 controls mapped

Compare →

ISO 27701:2019

10%

2 controls mapped

Compare →

+ 4 more: ISO 27002:2022 (5%), ISO 27001:2022 (5%)

See all 7 mapped frameworks ↓

Maps to 7 other frameworks

20 total controls
GDPR
11 source controls mapped|7 target controls covered
55%
ISO 27018:2019
2 source controls mapped|2 target controls covered
10%
ISO 27701:2019
2 source controls mapped|2 target controls covered
10%
ISO 27002:2022
1 source controls mapped|1 target controls covered
5%
ISO 27001:2022
1 source controls mapped|1 target controls covered
5%
ISO 37001:2016
1 source controls mapped|1 target controls covered
5%
ISO 13485:2016
1 source controls mapped|1 target controls covered
5%
Compare Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) with GDPR

Frequently Asked Questions

What is Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134)?

Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) is a compliance framework from Cambodia with 5 domains and 20 controls. Cambodia's Sub‑Decree No. 134 on the Management of Personal Data in the Digital Sector, issued on 30 May 2022 under the Law on E‑Commerce (Law No. 6/2020) and effective from 1 January 2023, establishes the country's first comprehensive data‑protection framework. It sets out principles for personal data processing, consent requirements, data‑subject rights, obligations of data controllers and processors, cross‑border data transfer rules, and enforcement mechanisms. The decree maps to 11 privacy domains and 53 specific controls. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) have?

Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) has 20 controls organised across 5 domains. The largest domains are Privacy (9 controls), Governance (6 controls), Security (3 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) map to?

Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) maps to 7 other compliance frameworks. The top mapping partners are GDPR (55% coverage), ISO 27018:2019 (10% coverage), ISO 27701:2019 (10% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) compliance?

Start your Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Cambodia Sub-Decree on Personal Data Protection (Sub-Decree No. 134) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 20 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required