Support Centre



Law: Personal Data Protection Act 2010 ('PDPA')

Regulator: The Department of Personal Data Protection ('PDP')

Summary: The PDPA is supplemented by several pieces of subsidiary legislation that have been enacted by the Ministry of Communications and Multimedia Malaysia and govern, among other things, data user registration, class of data users, fees, and inspections. In addition, the PDP has released data protection standards, setting out minimum security requirements as well as codes of practice for various sectors including the banking and finance, energy, and insurance sectors. 

In addition, several papers have been released for public consultation including Public Consultation Paper No. 10/2020 – Review of Personal Data Protection Act 2010 (Act 709), which was released on 14 February 2020 and proposes amendments to the PDPA. These amendments would introduce mandatory breach reporting, expand data subjects' rights, establish a Do Not Call Registry, and broaden the applicability of the PDPA to data processors.