A small business in Brunei runs a website and collects personal data such as names, phone numbers, emails, and identification details.
At first, data protection is not a main concern. Information is stored casually, shared internally without clear rules, and security is minimal.
One day, a customer asks:
“How do you protect my personal data?”
That simple question leads the business to learn about PDPO — the Personal Data Protection Order of Brunei.
PDPO exists to ensure personal data is handled lawfully, responsibly, and securely. It protects individuals and sets clear responsibilities for organisations.
Under PDPO, the business learns that it must:
- Collect personal data only for clear and necessary purposes
- Obtain consent before collecting or using personal data
- Protect data from loss, misuse, or unauthorised access
- Use data fairly and lawfully
- Allow individuals to access or correct their personal information
The business improves its systems, updates privacy practices, and trains staff to handle data properly.
Customers feel safer. Trust grows.
The business becomes more professional and credible.
PDPO is not just a legal requirement —
it is about respecting privacy, protecting trust, and doing business the right way.
For more information please visit https://pdp.aiti.gov.bn/
