Digital Minister, Gobind Singh, has announced that the Cabinet has approved the proposed amendments to the Personal Data Protection Act 2010 (“PDPA”).
The long-awaited PDPA amendment bill is now scheduled to be tabled in Parliament during the last week of the ongoing June-July 2024 session, specifically sometime between July 15 and July 18.
Key proposed amendments that will be introduced include:
- Introduction of a mandatory data breach notification regime
- New obligation for data users and data processors to appoint data protection officer
- Direct obligation for data processors to comply with the Security Principle under the PDPA
- Introduction of a right to data portability for data subjects
- Removal of the whitelisting regime for cross-border data transfers
- Increased financial penalties for breaches of the PDPA
- Inclusion of biometric data as a type of sensitive personal data
These amendments will align Malaysia’s data protection regulatory framework with recent developments in the data protection regulatory landscape at the regional and international level.
Businesses are advised to stay informed about the changes that will be introduced by the PDPA amendment bill. We will provide further updates on the new requirements as well as the steps businesses will need to take to ensure continued compliance with the PDPA when handling personal data, once the amendment bill is tabled in Parliament and made available to the public.
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
