The ASEAN Data Management Framework and ASEAN Model Contractual Clauses for Cross Border Data Flows are key resources and tools for ASEAN businesses to utilise in their data-related business operations.

The ASEAN DMF is a guide for businesses, particularly Small and Medium Enterprises to implement a data management system. This includes guidelines for data governance structures and appropriate data protection safeguards depending on the underlying purpose of the dataset of interest throughout its lifecycle.

MCCs are contractual terms and conditions that may be included in the binding legal agreements between businesses when transferring personal data to each other across borders.

The ASEAN DMF and MCCs will benefit ASEAN Businesses and Citizens in ASEAN Member States at all stages of development. First, it will help ASEAN businesses build a brand of trust, transparency and accountability with their business partners and consumers, meet data protection standards and regulations of other foreign clients, and build readiness to take up new digital opportunities from foreign companies. MCCs will also help reduce the cost of compliance by Small and Medium Enterprises to data protection regulations as they would not need to spend on negotiations on contracts by using the templatised MCCs. Second, citizens can be assured that the personal data held by businesses in the ASEAN digital economy that adopt these standards are safeguarded, thereby increasing citizen trust and participation in the digital economy. Third, the adoption of the DMF and MCCs do not require ASEAN Member States to introduce additional or amend existing regulations.

The initiatives were developed by the ASEAN Working Group on Digital Data Governance, chaired by Singapore, in close consultation with key associations and businesses in the ASEAN industry. These initiatives also received positive feedback from various international organisations, business associations and companies. underscoring their practical value.

https://asean.org/wp-content/uploads/2021/08/ASEAN-Model-Contractual-Clauses-for-Cross-Border-Data-Flows.pdf

• Asia and Pacific

• The poor
• SMEs

While the DMF and MCCs are primarily designed for data management and flow of personal data within ASEAN from businesses in one Member State to another Member State, parties may adapt them with appropriate modifications at their discretion for management and transfers between businesses intra-country in each ASEAN Member State, or transfers to non-ASEAN Member States. In particular, to non-ASEAN Member States those with legal regimes based upon the principles of the APEC Privacy Framework or OECD Privacy Guidelines, from which the principles in the ASEAN Framework on Personal Data Protection (2016) are derived.

The DMF and MCCs are frameworks that are technology neutral and have also taken into consideration the possible different regulations in the 10 AMS. The DMF is a risk-based accountability framework that can be used by any business entity. The MCCs are developed as baseline clauses and can be modified or enhanced as per the business needs.

We are aware that the opportunities for participating in the digital economy are not evenly distributed. The DMF and MCCs promote the value that businesses of all sizes, especially SMEs, can benefit from the opportunities that ICTs can offer. This happens when there is a high level of confidence and security in the use of ICTs, which the DMF and MCCs seek to ensure in ASEAN’s digital economy when data is managed and transferred across borders. In addition, along with the DMF and MCCs, the project had also put in place capacity building programmes to ensure that the necessary skills are acquired among ASEAN Member States and its private sector.