Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.



New Guidelines from Malaysia’s Personal Data Protection Department

PrintMailRate-it
​​​​​​published on 27 April 2022 | reading time approx. 2 minutes

In early 2022 the Malaysian Personal Data Protection Department (PDPD) published documentation to support data users in their compliance with the Malaysian Personal Data Protection Act of 2010 (PDPA).

The PDPD is an agency under the Ministry of Communications and Multimedia Commission with the main responsibility to oversee the processing of personal data of individuals involved in commercial transactions by User Data that is not misused and misapplied by the parties concerned. The new documentation in  the first step included a Guide to Preparation of Personal Data Protection Notice which aims to serve as reference for data users to prepare simple, comprehensive and tailored privacy notices for compliance with PDPA requirements. Although the guide does not have legal force, data users are encouraged to abide by the requirements set out in it as best practice.

Further, in February 2022 the PDPD published (i) the Code of Practice for Private Hospitals in the Healthcare Industry which applies to all private hospitals that are licensed under the Private Healthcare Facilities & Services Act 1998 and (ii) the Code of Practice for the Utilities Sector which applies to certain water supply entities. Non-compliance with the code of practice in the prescribed sectors is an offence under the PDPA, and data users can be sanctioned with a fine up to MYR 100,000 (~ USD 24,000) and/or imprisonment up to one year.

Also in February 2022, the Personal Data Protection Commissioner released (i) Circular No. 1/2022 on the Requirement to Register as Data User under the Personal Data Protection Act 2010 (Act 709) and (ii) Circular No. 3/2022 on the Obligation to Renew Certificate of Registration as Data User under the Personal Data Protection Act 2010 (Act 709), both reminding prescribed classes of data users of their respective obligations under the PDPA. If data users under the prescribed classes process personal data without certificate of registration, such PDPA offence may attract liability to a fine up to MYR 500,000 and/or imprisonment up to three years. Failure of renewal may also result in a fine up to MYR 250,000 and/or imprisonment up to two years.

 DATA PROTECTION BITES

CONTACT

Contact Person Picture

Markus Schlüter

Partner

+49 221 949 909 342

Invia richiesta

 RÖDL & PARTNER MALAYSIA

​​Discover more about our offices in Malaysia. Read more »
Deutschland Weltweit Search Menu