Personal Data Protection Act 2023 - Proposed Amendments

Personal Data Protection Act 2023 - Proposed Amendments

What is it Personal Data Protection Act (PDPA)

The PDPA governs data usage and its security in Malaysia. It was tabled in 2010 and gazetted the same year, but only implemented in 2013.

The act is enforced by the Personal Data Protection Department. One of its main functions is to prevent data misuse in commercial transactions.

What it covers

Under the PDPA, data such as your full name, MyKad number, passport number and your email address are considered to be personal and sensitive information.

Other forms of data that fall under this category include photographs, images captured from CCTVs, religious and political beliefs, as well as personal documents like tax records.

Under the Act, a person is entitled to the following rights after sharing their data with an organisation:

  • The right to know if their data is being processed.

  • The right to access their personal data from the organisation’s database

  • The right to amend the data provided

  • The right to withdraw consent given to process one’s data

  • The right to stop any data processing activities that could cause damage or distress

  • The right to stop data processing activities for direct marketing

Proposed Amendments to the PDPA

The draft amendment to the PDPA to curb personal data breaches is expected to be presented in Parliament before the end of this year. It is rumored that it will be enacted by the end of October 2023.

Communications and Digital Minister Fahmi Fadzil said the Personal Data Protection Department (JPDP) was looking at several improvements to the amendments prepared by the previous government before they were submitted to the Attorney-General's Chambers.

The proposed amendments are summarised as follows:

1. Mandatory appointment of a Data Protection Officer

All data users will each be required to appoint a data protection officer.

2. Data portability

Transfers of personal data between data users (upon request from data subjects) will be allowed (if the technical system permits).

3. Mandatory data breach notification

All data users will be required to report data breaches to the Malaysian Personal Data Protection Department (PDPD) within 72 hours.

4. Enhanced obligations for data processors

Data processors will be required to comply with the security principle under the PDPA.

5. Cross-border data transfer requirements

The power of the Minister to issue a whitelist will be replaced with a blacklist. Transfers of personal data to blacklisted countries will be prohibited. 

Impacts On The Proposed Amendments in PDPA

Increase in penalties for misuse of data and non-compliance with PDPA in general.

Designate the Malaysian Personal Data Protection Department as a statutory commission with enforcement power.

Visit Us

  • Wisma KTP, 53 Jalan Molek 1/8, Taman Molek, 81100 Johor Bahru

  • Wisma THK, 41, Jalan Molek 1/8, Taman Molek, 81100 Johor Bahru

KTP (Audit, Tax, Advisory)

An approved audit firm and licensed tax firm operating under the KTP group based in Johor Bahru providing audit, tax planning, advisory and compliance services to clients

THK (Secretarial, Account, Payroll, Advisory)

A licensed secretarial firm in Johor Bahru providing fast reliable incorporation, secretarial services, corporate compliance services, outsource booking, accounting and payroll services to clients

KTP Lifestyle

An internal community for our colleagues on work and leisure.

KTP Career

An external job community on vacancy in Johor Bahru for interns, graduates & experienced candidates.

#Ktp #Thks