Malaysian Parliament Passes Personal Data Protection (Amendment) Bill 2024

By Yana Komsitsky on August 7, 2024

The Personal Data Protection (Amendment) Bill 2024 (“PDPB”) was at last passed by the Malaysian Parliament at the end of July. After Royal Assent and publication, it will become law on a date to be determined by the Minister of Digital and specified in the Gazette. The PDPB introduced several changes intended to better align Malaysia’s 2010 Personal Data Protection Act with global standards.

New requirements include:

1. Mandatory DPO appointment;

2. A direct obligation to comply with the practical steps required by the security principle for processors (currently, this is limited to controllers only);

3. Breach notification obligation:

   1. to the Personal Data Protection Commissioner;

   2. to data subjects, if the breach causes or is likely to cause significant harm; and

4. A new right to data portability must be provided, subject to some possible limitations.

There are also changes to better align with internationally accepted concepts:

1. “Data Controller” replaces “Data User”;

2. “Sensitive Personal Data” now includes “Biometric Data” (personal data resulting from technical processing relating to the physical, physiological, or behavioral characteristics of a person, requiring additional protections, e.g., explicit consent for processing); and

3. Introduction of a general legal basis for international transfer based on adequacy of protection in the destination jurisdiction.

Penalties for non-compliance with the 7 Personal Data Protection Principles have more than tripled to RM1,000,000 (approx. 226K USD) and/or up to three years imprisonment (vs. former RM300,000 and/or two years imprisonment). Company management may be held personally responsible and subject to penalty, unless they can prove they had no knowledge and took all reasonable precautions.

What steps should businesses take now?

While we await the PDPB coming into force and detailed guidance, businesses and organizations processing data in Malaysia should begin planning to:

1. appoint a DPO;

2. implement a data breach notification process;

3. address the new data portability right; and

4. comply with the Security Principle, if a processor.

  • Posted in:
    Privacy & Data Security
  • Blog:
    The Global Privacy Watch
  • Organization:
    Seyfarth Shaw LLP
