Understanding Malaysia’s Personal Data Protection Act 2010 (PDPA)

What is the Personal Data Protection Act 2010 (PDPA)?

The Personal Data Protection Act 2010 (PDPA) is a law in Malaysia that aims to promote ethical business practices and regulate the collection, maintenance, retention, and disposal of personal data. It came into force on November 15, 2013, and is enforced by the Personal Data Protection Commissioner under the Ministry of Communications & Multimedia.

Who does the PDPA apply to?

The PDPA applies to all businesses that process personal data in a commercial transaction in Malaysia. Certain classes of data users are required to register with the Commissioner, including those in communications, banking and financial institutions, insurance, health, tourism and hospitality, transportation, education, direct selling, real estate, and utilities. Services such as legal, audit, accounting, engineering, and architecture are also covered under the Act.

What are the penalties for contravention of the Act?

A data user who contravenes the Act may face a fine not exceeding RM250,000, imprisonment, or both.

What are the roles pertaining to PDPA?

The roles pertaining to PDPA include the Data User, Data Subject, and Personal Data Protection Commissioner. The Data User is responsible for ensuring that their operations are compliant with the PDPA, while the Data Subject has rights to access and correct their personal data, withdraw consent, and prevent processing for direct marketing purposes.


What are the principles of PDPA?

The principles of PDPA include obtaining consent before processing personal data, processing personal data for lawful purposes, and having a Personal Data Protection Policy in place.


What is your role as a Data User?

As a Data User, you should ensure that your operations are compliant with the PDPA. This includes obtaining consent before processing personal data, processing personal data for lawful purposes, obtaining explicit consent for sensitive data, and having a Personal Data Protection Policy in place to protect personal data. Human resource data is also subject to the provisions of the Act.

Conclusion

Understanding and complying with the Personal Data Protection Act 2010 (PDPA) is essential for businesses operating in Malaysia. It is important to know who the PDPA applies to, the penalties for contravention, the roles pertaining to PDPA, the principles of PDPA, and your role as a Data User. Seek legal counsel for advice on implementing the various policies under the PDPA to ensure compliance and avoid penalties.
