The Malaysian government published - on 14 November 2013 - the entry into force date of the Personal Data Protection Act (PDPA) 2010. The Act will enter into force on 15 November 2013 and will introduce an omnibus privacy regime in Malaysia for the first time. The publication of the PDPA is accompanied by a number of regulations and orders that clarify some of its provisions.
The PDPA was passed by the Malaysian Parliament in May 2010, and received Royal Assent in June 2010, however its entry into force had been delayed. Jillian Chia, Senior Associate at Skrine, told DataGuidance, "The PDPA will apply to any person who processes or has control over the processing of any personal data, known as a data user. It is important to note that 'processing' is defined widely under the PDPA to cover a wide range of activities, including using, disseminating, collecting, recording and/or storing personal data. Furthermore, only individuals are referred to as 'data subjects' under the PDPA."
The PDPA introduces, among other things, seven data protection principles which data users must comply with. Violation of any of these principles by data users will result in a fine of up to 300,000 ringgit (approximately 74,485€) and/or up to three years' imprisonment.
"Where a data user has collected personal data before the date of coming into operation of the PDPA, such users will have three months to comply," said Chia. "Any data user which is required to be registered under the PDPA is also required to do so within three month from its entry into force."