Since Cambodia does not have any dedicated laws on data protection, there are no regulatory or enforcement authorities that are specifically tasked with handling, overseeing, or implementing personal data protection matters. Consequently, the following governmental bodies may have substantial powers in this realm: the Ministry of Commerce, the Ministry of Post and Telecommunications, and the Ministry of Interior.
After reviewing the DMF [Data Management Framework adopted by ASEAN] and MCCs [Model Contractual Clauses for Cross-Border Data Flows], we are of the view that these standards broadly align with concepts of data protection that exist under Cambodian laws that implicate data protection issues. Therefore, Cambodian authorities may react positively to the guidelines provided under the DMF and MCCs.
However, implementing these guidelines can be challenging for a developing country such as Cambodia due to the following reasons:
Positive and negative implications
Furthermore, we anticipate that the guidelines would provide both positive and negative impacts on businesses. In terms of positive impact, the DMF and MCCs will likely:
In terms of negative impact, both data exporters and data importers will be strictly required to abide by the data protection guidelines and properly maintain the data they gather within the remit of the law. Some business owners might not be willing to enforce it, and therefore it may discourage business owners and investors from conducting business. In addition, some businesses might not be able to meet the standard requirements. This could cause serious issues for small and medium-sized companies that do not have adequate resources.
However, with the increase of modern technological advancements and online activities, we are of the view that the positive impacts of the DMF and MCCs would outweigh the negative impacts on the businesses.
This excerpt is from an article originally published by OneTrust DataGuidance and is reproduced here with thanks.