

In this era of digital transformation and the growing importance of data, protecting personal information is more critical than ever. Malaysia has been ahead of the curve with its Personal Data Protection Act (PDPA). In our latest article, "Malaysia PDPA: 13 Years On, Time for Data Privacy Compliance Reassessment?", we look at the rapid evolution of technology and the emergence of new global data privacy regulations. It is a pertinent time for organisations to revisit their data privacy compliance programs and strategies. This article delves into the status of the Malaysia PDPA, recent updates, and the necessity of reevaluating data privacy compliance efforts.


The Evolution of Malaysia’s PDPA

The Malaysia PDPA, enacted in 2010, was a significant leap forward in safeguarding personal data. It established a framework for organisations to process personal data responsibly and lawfully. Since its inception, the PDPA has aimed to balance protecting individuals’ rights and facilitating data-driven innovations.


Recent Updates to the Malaysia PDPA

In 2020, the government announced its intention to amend the PDPA to enhance its effectiveness. Some of the key proposed amendments include:

  1. Data Localisation: The proposed amendments introduce stricter requirements for data localisation, ensuring that the personal data of Malaysian citizens is stored and processed within the country.
  2. Data Breach Notifications: Organisations must notify the Personal Data Protection Commissioner (PDPC) and affected individuals in the event of a data breach, enhancing transparency and accountability.
  3. Consent and Purpose Limitation: Stricter consent requirements and purpose limitation principles will be introduced, emphasising individuals’ control over their data.
  4. Stricter Penalties: The amendments also propose more severe penalties for non-compliance, including higher fines and even imprisonment for egregious violations.
  5. Rights of Data Subjects: The proposed changes aim to strengthen the rights of data subjects, empowering individuals to have more control over their data.


Global Emergence of Data Privacy Regulations

The global landscape of data privacy regulations has transformed significantly in the past decade. The European Union’s General Data Protection Regulation (GDPR) sets a high standard for data protection, influencing many other countries to update or enact their own data privacy laws. Countries like the United States, India, Brazil, and South Korea have introduced comprehensive data protection regulations.

As data flows effortlessly across borders, international organisations face complex compliance requirements. It is no longer sufficient for organisations to focus solely on local regulations; they must now consider a broader global data privacy framework.


The Necessity of Reevaluating Data Privacy Compliance

Given the evolving global landscape and the proposed amendments to the Malaysia PDPA, organisations should consider the following:

  1. Compliance Assessment: Organisations should comprehensively assess their data privacy compliance programs to ensure alignment with the updated PDPA and other relevant regulations.
  2. Data Localisation: For organisations handling data from Malaysian citizens, preparing for stricter data localisation requirements and evaluating data storage and processing arrangements is essential.
  3. Data Security: Strengthening data security measures is paramount, particularly in light of increased penalties for data breaches.
  4. Data Subject Rights: Organisations should be prepared to enhance the rights of data subjects, such as facilitating requests for data access and deletion.
  5. Global Compliance: Given the cross-border nature of data, international organisations must have a strategy considering various data protection laws worldwide.


Looking Ahead

The emergence of data privacy regulations and the proposed amendments to the Malaysia PDPA underscore the need for organisations to prioritise data protection. It is essential not only to comply with the law but also to establish a culture of respect for individuals’ privacy. As data continues to be a vital asset, organisations that proactively embrace data privacy and compliance will safeguard their reputation and build trust with their customers and partners.

In this ever-changing landscape, the question is straightforward: Is it time for organisations to prioritise revisiting their data privacy compliance programs and strategies? The answer is an emphatic yes. Adapting to the evolving data privacy paradigm is not just a legal requirement; it’s a strategic imperative for success in the digital age.
