Law: Personal Data Protection Act 2010 ('PDPA')

Regulator: The Department of Personal Data Protection ('PDP')

Summary: The PDPA is supplemented by several pieces of subsidiary legislation that have been enacted by the Ministry of Communications and Multimedia Malaysia and govern, among other things, data user registration, class of data users, fees, and inspections. In addition, the PDP has released data protection standards, setting out minimum security requirements as well as codes of practice for various sectors including the banking and finance, energy, and insurance sectors. 

In addition, several papers have been released for public consultation including Public Consultation Paper No. 10/2020 – Review of Personal Data Protection Act 2010 (Act 709), which was released on 14 February 2020 and proposes amendments to the PDPA. These amendments would introduce mandatory breach reporting, expand data subjects' rights, establish a Do Not Call Registry, and broaden the applicability of the PDPA to data processors.


In this report, OneTrust DataGuidance provides a means of analyzing and comparing data protection requirements and recommendations under the General Data Protection Regulation (GDPR) and the Personal Data Protection Act 2010 (PDPA).

The report examines and compares the scope, main definitions, legal bases, data controller and processor obligations, data subject rights, and enforcement capacities of the PDPA with the GDPR.

You can access the latest version of the report here.

Countries across the APAC region have been introducing comprehensive data protection laws and/or updating existing legislation to ensure personal data is protected in the digital era. OneTrust DataGuidance provides an overview of the status of current privacy/data protection bills in Australia, Brunei Darussalam, India, Malaysia, Mongolia, Myanmar, Pakistan, Sri Lanka, Thailand, and Vietnam.