Malaysia: The Personal Data Protection Act

The Personal Data Protection Act (PDPA) in Malaysia is a comprehensive data protection law that regulates the processing of personal data by individuals and organizations. The law was enacted in 2010 and came into effect in 2013, with the aim of ensuring the protection of personal data in the country.

Under the PDPA, personal data refers to any information that can identify an individual, either directly or indirectly. This includes information such as name, address, contact details, identification number, photographs, and financial information.

The PDPA applies to any individual or organization that processes personal data in Malaysia, regardless of whether they are based in Malaysia or overseas. This means that foreign companies that process personal data of Malaysian individuals are also subject to the law.

The PDPA sets out several obligations for individuals and organizations that process personal data. These include obtaining consent from individuals before collecting, using, or disclosing their personal data, and ensuring that personal data is accurate and up to date.

The law also requires individuals and organizations to implement appropriate security measures to protect personal data from unauthorized access, use, or disclosure. This includes implementing physical, technical, and organizational security measures, such as encryption and access controls.

Under the PDPA, individuals have the right to access and correct their personal data held by an organization, and to withdraw their consent for the processing of their personal data. They also have the right to file a complaint with the Malaysian Personal Data Protection Commissioner if they believe that their personal data has been mishandled.

Failure to comply with the PDPA can result in significant penalties, including fines and imprisonment. Organizations can be fined up to RM500,000 (approximately USD 120,000) for a first offense, and up to RM1 million (approximately USD 240,000) for subsequent offenses.

In conclusion, the Personal Data Protection Act (PDPA) in Malaysia is a crucial piece of legislation that provides individuals with control over their personal data and regulates the processing of personal data by organizations. As more and more data is generated and processed in today’s digital age, compliance with the PDPA is essential for any organization that processes personal data in Malaysia.
