
Monday 31 March 2014

The Personal Data Protection Act 2010 (Malaysia)

What is the Personal Data Protection Act 2010 (Malaysia)? This Act regulates the processing of personal data in respect of commercial transactions. It was gazetted in June 2010.

The penalty for non-compliance will be between RM100,000 and RM500,000 and/or imprisonment of between 1 and 3 years.

How does this affect your business?

This Act applies to any person who collects and processes personal data in respect of commercial transactions. The 7 principles of the Act are the general, notice and choice, disclosure, retention, security, access and data integrity principles.

Personal data relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive data and any expression of opinion about the data subject. For example: name, identity card number, date of birth, mobile number, etc.

Where personal data processing is outsourced to a third party, known as the data processor, it is the responsibility of the data user to ensure that the data processor provides sufficient guarantees to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

What are the main challenges?

Increased complexity: This Act affects personal data management from the point data is collected through to its use, storage, and destruction. This Act also applies to customers, employees, and third-party service providers that handle personal data. Companies will be affected, as processes will need to be refined to comply with the Act's requirements.

Personal data life cycle management becomes more complex when international data transfer is involved.

What should be the next steps?

The Personal Data Protection Act 2010 is already in effect, and companies were required to register by 15 February 2014 or face penalties under section 16(4) of the Personal Data Protection Act 2010.

  1. Identify the gaps to meet the legal requirements and industry standards.
  2. Develop a strategic roadmap to address the gaps.
  3. Develop structure, roles and responsibilities, policies and procedures.
  4. Audit processes and systems to assess compliance with policies, standards, and legal requirements.

Find the Personal Data Protection Act 2010 (Malaysia) from the Official Portal of the Ministry of Communication and Multimedia Malaysia. For more legal information you can refer to the Malaysian Bar.

EVERWORKS is Malaysia's leading Server Colocation, Server Colocation Hosting Services, and Mobile Hosting Provider. EVERWORKS has worked with prominent clients such as the Ministry of Health Malaysia, PriceWaterhouse Coopers Malaysia, Media Prima Berhad, GAC Shipping, KLIA Express, CIMB Bank, Hong Leong Bank Berhad, and many others.

Further reading: Your Data is Your Data

