Amendments to Malaysia’s Personal Data Protection Act Explained

The Personal Data Protection Act 2010 (PDPA) stands as the cornerstone of data protection in Malaysia. The act sets the standard for the handling, processing, and safeguarding of personal data in commercial transactions by Malaysian organisations.

Since its inception, the PDPA has played a pivotal role in regulating the digital landscape. It ensures that personal data is handled according to the specified regulations and confidentiality standards to prevent any form of abuse.

The law continually evolves to address emerging issues, and the Personal Data Protection Act is no exception. This article serves as a guide to help you understand these changes and how they can affect your organisation.

The Need for Amendments to the Personal Data Protection Act

The rapid evolution of technology and the growing sophistication of cyber threats have necessitated a re-evaluation of the Personal Data Protection Act.

Recognising the need to stay abreast of global data protection standards and to address emerging challenges, the Malaysian government undertook a comprehensive review and amendment of the PDPA.

According to the Deputy Communications and Digital Minister, Teo Nie Ching, the amendments are said to be in the final stages and will be tabled in the near future. This will significantly bolster the framework for data protection in the country.

Key Updates to the Personal Data Protection Act

Enacted in 2010, the PDPA has been under scrutiny ever since to ensure it keeps pace with evolving data protection challenges and aligns with international standards.

The government’s announcement in 2018 to review and amend the PDPA highlighted a proactive approach to enhancing data security and privacy protections.

1. Appointment of Data Protection Officers

One of the hallmark changes is the requirement for organisations to appoint Data Protection Officers. This move aligns Malaysia with international best practices, ensuring a dedicated point of contact for data protection matters within organisations.

Data Protection Officers are tasked with overseeing the development and execution of protection strategies to enhance compliance with the PDPA. Hence, they serve as a bridge between the organisation, data subjects, and regulatory bodies.

2. Mandatory Breach Notification

The amendments have also introduced a mandatory breach notification protocol, compelling organisations to promptly inform both regulators and affected individuals in the event of a data breach.

Consequently, this measure enhances transparency and empowers individuals to proactively safeguard their personal information by adhering to the guidelines outlined for data breach incident reporting.

3. Extension of the Security Principle

The PDPA’s Security Principle, which mandates the protection of personal data against loss, misuse, and unauthorised access, has been extended to include not only data controllers but also data processors such as third-party service providers.

This expansion ensures a more comprehensive protection of personal data across all stages of handling and processing, reducing the risk of data breaches and unauthorised access.

4. Right to Data Portability

Another significant addition to the PDPA is the right to data portability, which grants greater control over personal data. It empowers individuals to obtain and utilise their data for alternate purposes across a range of services, subject to technical system approval.

This concept supports the seamless exchange of personal data and has been widely adopted in many countries, as it facilitates the transfer of personal data between service providers. Consequently, this addition empowers consumers and fosters a more dynamic and competitive digital economy.

5. Revision of Cross-Border Data Transfer Regulations

Lastly, the previous ‘whitelist’ approach to cross-border data transfers has been replaced with a ‘blacklist’ system.

This change removes the need for pre-approval of countries deemed safe for data transfers. It also allows for more fluid and flexible international data exchanges, barring only transfers to countries identified as ‘unsafe’.

Enhancements Under the New Framework

The new government’s review of the draft bill suggests a commitment to further strengthening the PDPA, focusing on comprehensive data protection.

1. Increased Penalties for Non-Compliance

Firstly, the amendments have significantly increased fines and penalties for breaches and non-compliance to reinforce the seriousness of data protection. This measure aims to deter negligence and ensure that organisations prioritise safeguarding personal data.

2. Empowerment of the Personal Data Protection Department

Secondly, the Personal Data Protection Department (JPDP) has been elevated to an independent statutory commission, enhancing its authority and enforcement capabilities. This elevation underscores the government’s commitment to robust data protection governance.

Future Implications of the Amendments

As Malaysia strides into a new era of data protection, the amendments to the PDPA mark a significant milestone in the country’s digital journey.

Businesses operating within Malaysia must diligently adhere to the upcoming enhanced provisions of the PDPA, ensuring compliance and contributing to a secure digital environment.

For organisations, the journey towards full compliance with the forthcoming regulations may involve several steps, such as:

  • A meticulous review of current data protection practices
  • The appointment of competent Data Protection Officers
  • The implementation of robust data security measures

Embracing these changes not only aligns businesses with legal requirements but also builds trust with consumers, enhancing brand reputation in the digital age.

Thus, the Malaysian government’s proactive stance in amending the PDPA reflects a broader commitment to safeguarding personal data in an increasingly interconnected world.

By fostering a culture of data protection and privacy, Malaysia is poised to navigate the complexities of the digital future. Moreover, establishing this practice ensures that personal data in Malaysia is protected, respected, and used responsibly.

The Bottom Line

In conclusion, the amendments to Malaysia’s Personal Data Protection Act represent a forward-thinking approach to data protection, aligning the nation with global standards and addressing the ever-changing challenges of the digital landscape.

For businesses and individuals alike, these changes underscore the importance of data privacy and the collective responsibility to uphold it. To find out more about Malaysia’s Personal Data Protection Act and other legal frameworks, visit Sabrina Hashim & Co.