What is PDPA?
On 15 November 2013, the Personal Data Protection Act 2010 (PDPA) came into force in Malaysia with the objective of protecting the personal data of individuals with respect to commercial transactions.
- The Personal Data Protection Act 2010 (“PDPA”) is an Act that regulates the processing of personal data with regard to commercial transactions.
- It was gazetted in June 2010.
- The penalty for non-compliance is between RM100k and RM500k and/or between 1 and 3 years' imprisonment.
- Data subject
  - means an individual who is the subject of the personal data;
- Personal data
  - means any information in respect of commercial transactions, that relates directly or indirectly to a data subject, who is identified or identifiable from that information or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject;
- Sensitive personal data
  - means any personal data consisting of information as to the physical or mental health or condition of a data subject, his political opinions, his religious beliefs or other beliefs of a similar nature, the commission or alleged commission by him of any offence or any other personal data as the Minister may determine by order published in the Gazette;
- in relation to personal data, includes amendment, variation, modification or deletion;
- Data user
  - means a person who either alone or jointly or in common with other persons processes any personal data or has control over or authorizes the processing of any personal data;
- Data processor
  - in relation to personal data, means any person, other than an employee of the data user, who processes the personal data solely on behalf of the data user, and does not process the personal data for any of his own purposes;