Privacy Law in Malaysia
Malaysia's data protection framework is primarily governed by the Personal Data Protection Act 2010 (PDPA), which regulates the processing of personal data in commercial transactions. The PDPA has been significantly amended through the Personal Data Protection (Amendment) Act 2024, aiming to enhance data protection standards and align more closely with international norms.
Legal Framework
Personal Data Protection Act 2010 (Act 709): This foundational law regulates the processing of personal data in commercial transactions, establishing principles for data collection, usage, and protection.
Personal Data Protection (Amendment) Act 2024: Passed in July 2024 and gazetted in October 2024, these amendments introduce significant changes to strengthen data protection, including mandatory data breach notifications, the requirement for Data Protection Officers (DPOs), and expanded definitions of sensitive personal data.
🛡️ Key Amendments in 2024
* Mandatory Appointment of Data Protection Officers (DPOs): Organizations are now required to appoint a DPO to oversee compliance with the PDPA.
* Mandatory Data Breach Notification: Data controllers must notify both the Personal Data Protection Commissioner and affected data subjects in the event of a data breach that is likely to cause significant harm.
* Right to Data Portability: Individuals can request the transfer of their personal data to another data controller, subject to technical feasibility.
* Expanded Definition of Sensitive Personal Data: Biometric data, such as fingerprints and facial scans, are now explicitly classified as sensitive personal data, requiring explicit consent for processing.
* Revised Cross-Border Data Transfer Provisions: The amendments remove the previous whitelist regime, allowing data transfers to countries with laws substantially similar to the PDPA or those ensuring an adequate level of protection.
* Increased Penalties: Violations of the PDPA may now result in fines up to RM 1 million and/or imprisonment for up to three years, an increase from the previous maximum penalties.
⚖️ Enforcement and Sanction
The Personal Data Protection Commissioner enforces the PDPA and its amendments. Organizations found in violation may face penalties up to RM 1 million and/or imprisonment for up to three years.
📌 Summary
The 2024 amendments to Malaysia's PDPA represent a significant step toward enhancing data protection and aligning with global standards. Organizations operating in Malaysia should review and update their data protection practices to ensure compliance with the revised legal requirements.