You are using an outdated browser and your browsing experience will not be optimal. Please update to the latest version of Microsoft Edge, Google Chrome or Mozilla Firefox. Install Microsoft Edge

March 22, 2021

ASEAN DMF and MCCs: Expectations for National Implementation – Cambodia

OneTrust DataGuidance

Since Cambodia does not have any dedicated laws on data protection, there are no regulatory or enforcement authorities that are specifically tasked with handling, overseeing, or implementing personal data protection matters. Consequently, the following governmental bodies may have substantial powers in this realm: the Ministry of Commerce, the Ministry of Post and Telecommunications, and the Ministry of Interior.

After reviewing the DMF [Data Management Framework adopted by ASEAN] and MCCs [Model Contractual Clauses for Cross-Border Data Flows], we are of the view that these standards broadly align with concepts of data protection that exist under Cambodian laws that implicate data protection issues. Therefore, Cambodian authorities may react positively to the guidelines provided under the DMF and MCCs.

However, implementing these guidelines can be challenging for a developing country such as Cambodia due to the following reasons:

  • inadequate data protection and cybercrime regulations;
  • lack of technological advancement in information and communication technology;
  • lack of technology experts who can effectively deal with advanced computer crimes;
  • the high cost of digital data governance; and
  • the fact that it may be time-consuming to put these guidelines into place.

Positive and negative implications

Furthermore, we anticipate that the guidelines would provide both positive and negative impacts on businesses. In terms of positive impact, the DMF and MCCs will likely:

  • increase the cybersecurity of all companies doing business in Cambodia;
  • enable businesses to have better data processes and protection and more secure internal data collection infrastructure;
  • help businesses gain more credibility and improve their reputations; and
  • increase companies’ customer base as clients will have stronger trust in companies and be willing to share data, knowing they are doing so in a secure environment.

In terms of negative impact, both data exporters and data importers will be strictly required to abide by the data protection guidelines and properly maintain the data they gather within the remit of the law. Some business owners might not be willing to enforce it, and therefore it may discourage business owners and investors from conducting business. In addition, some businesses might not be able to meet the standard requirements. This could cause serious issues for small and medium-sized companies that do not have adequate resources.

However, with the increase of modern technological advancements and online activities, we are of the view that the positive impacts of the DMF and MCCs would outweigh the negative impacts on the businesses.


This excerpt is from an article originally published by OneTrust DataGuidance and is reproduced here with thanks.

Related Professionals