in a nutshell
Following a public consultation held in early 2020, the Malaysian Personal Data Protection Act 2010 (“PDPA“) will be submitted to the Malaysian Parliament for approval in October 2022. These proposals introduce new obligations for both data users and data processors.
Minister of Communications and Multimedia (“Minister“) (which oversees the implementation of the PDPA) has indicated that the following proposed amendments to the PDPA will be submitted to Congress for approval in October 2022 (collectively “amendment”):
- Appointment of Data Protection Officer: Every data user must appoint a data protection officer.
- Mandatory Data Breach Notification: All data users are required to report data breaches to the Malaysian Personal Data Protection Authority (SeePDPD“) within 72 hours.
- Data Processor Obligations: Data processors must adhere to security principles under the PDPA.
- Introducing data portability: Transfers of personal data between data users (upon request from the data subject) are permitted (if permitted by the technical system).
- Blacklist for cross-border transfers: The Minister’s power to issue whitelists will be replaced by blacklists. Transfer of personal data to blacklisted countries is prohibited.
Under the PDPA, a “data user” is basically a person (other than a data processor) who controls or authorizes the processing of personal data. A “data processor”, on the other hand, is a person who processes personal data on behalf of a data user. Not for its own purposes.
The proposed amendments formed part of a public consultation paper of 22 proposals issued by the PDPD in early 2020 to strengthen the PDPA. These are largely consistent with recent data privacy reforms across the region. Firms should anticipate and prepare for additional compliance obligations that may be imposed if the Amendments are passed and come into effect (such compliance obligations would add to existing contractual commitments and promises). (including conducting impact assessments).
* * * * *
This Client Alert is issued by Wong & Partners, a member firm of Baker McKenzie International, a global law firm with member firms worldwide. In accordance with common terminology used in professional services organizations, references to “partner” mean a partner or equivalent of such law firm. Similarly, references to “offices” mean offices of such law firm. This may be “attorney advertising” which requires notice in some jurisdictions. Previous results are no guarantee of similar results.
