Introduction

Cambodia is developing its data protection framework to align with international standards while addressing local needs. This post examines the current legal landscape.

Current Regulations

  1. Law on E-Commerce (2019): Contains provisions on data protection
  2. Sub-Decree on Data Protection (Draft): Expected to be enacted in 2025
  3. Sector-Specific Rules: Banking and telecom regulations with data provisions

Key Requirements

  • Consent: Obtaining clear user consent for data processing
  • Purpose Limitation: Using data only for specified purposes
  • Data Localization: Requirements for certain types of data

Compliance Challenges

  1. Lack of comprehensive standalone data protection law
  2. Limited awareness among local businesses
  3. Enforcement mechanisms still developing

Recommendations

  1. Conduct data mapping and inventory
  2. Implement privacy-by-design principles
  3. Prepare for upcoming regulations
  4. Appoint data protection officers where needed

Conclusion

While Cambodia’s data protection regime is evolving, businesses should proactively adopt best practices to ensure compliance.