
Data Protection: What You Need to Know About The Latest PDPA Amendments

As our nation continues to move toward rapid technology adoption, protecting the personal data of Malaysian citizens is becoming an increasing concern for policymakers.

The government has recently introduced several amendments to the Personal Data Protection Act (PDPA) 2010, which impose several new obligations on all Malaysian businesses involved in data processing.

We urge all businesses categorised as ‘data processors’ to educate themselves promptly to avoid future legal repercussions. Below is our breakdown of the key points that local businesses should be aware of:


 

> Penalties for noncompliance have been raised.

The maximum penalties have been increased from RM300,000 and/or imprisonment up to 2 years to RM1,000,000 and/or imprisonment up to 3 years. These penalties apply to managing directors and relevant officers.


 

> All data processors are now held accountable.

Data processors are now legally required to comply with the Security Principle under the PDPA. This involves taking practical steps to protect personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction.


 

> A Data Protection Officer is required for all data processors

A new mandatory requirement has been introduced for data controllers and data processors to appoint one or more data protection officers (“DPO”) to oversee compliance with the PDPA.


 

> Reports of any suspected breach must be made to the Commissioner

The Amendment Bill imposes an obligation on data controllers to inform the Commissioner when there is reason to believe that a personal data breach has occurred; failure to do so will result in additional penalties. This applies when personal data has been compromised, hacked, or shared without authorization.


 

> Biometrics are now included under personal data.

The definition of “sensitive personal data” in the PDPA will be expanded to include “biometric data”, such as fingerprint verification, voice recognition, or facial recognition.

With these amendments to PDPA, alongside the recently enforced Act 854, it is clear that the government is pushing for stricter and more robust cyber security policies.


 

By understanding and complying with these new data breach notification requirements, Malaysian businesses can protect their reputation, minimize their financial risks, and maintain the trust they have built with customers over the years.

As the regulatory landscape evolves, staying ahead of the curve on policy will be crucial for every Malaysian business owner. For more information on staying compliant with changing policies, please reach out to [email protected].

#cybersecurity #PDPA #Act707 #Act854 #legislation
