The following summary is intended to provide a general understanding and awareness of PDPA.
- The Act came into force on 15th November 2013.
- Purpose – To promote the spirit and practice of ethical business and provide a mechanism for the collection, maintenance, retention and disposal of personal data.
- Authority – Personal Data Protection Commissioner, Ministry of Communications & Multimedia.
- Scope – all businesses processing personal data in a commercial transaction in Malaysia. Under the Act, the following classes of data users are required to register with the Commissioner :-
- Banking financial & institution
- Tourism & hospitalities
- Direct selling
- Real estate
- Services – legal, audit, accounting, engineering and architecture.
- Penalty for contravention of the Act – a fine not exceeding RM250, 000 or imprisonment or both.
Roles Pertaining to PDPA
Rights of Data Users
Generally, the right is to continue to process personal data with the purpose of performing a contract agreed upon by the client.
Rights of Data Subject
The rights include right of access to personal data, to correct personal data, to withdraw consent, to prevent processing that is likely to cause damage or distress, and the right to prevent processing for purposes of direct marketing.
Your Role as a Data User
A Data User should ensure that their operations are compliant with the PDPA. Essentially, the following are to be noted:-
- Do not process personal data without the consent of the data subject i.e. your client
- Ensure that processing of personal data is for a lawful purpose.
- Sensitive data can be processed with explicit consent from the Data Subject.
- Have in place a Protection Policy which sets out how the Data User collects, uses and protects Personal Data. The Security Policy covers employees involved in the processing of Personal Data , the control of movement of data , confidentiality etc.
- Data held by the Human Resource Department on staff are also subject to the provisions of the Act.
As this article only provides an overview of PDPA, users are advised to refer to legal counsel for advice on the implementation of the various policies under the PDPA.