What is PDPA Malaysia and How Does it Affect Me?

PDPA Malaysia, or the Personal Data Protection Act, is essential for individuals in Malaysia because it gives them greater control over their data and protects them against data breaches and misuse of their personal information. 

Individuals have the right to know how businesses use their data, access and correct their data, and withdraw their consent for its use.

What is PDPA Malaysia?

The Personal Data Protection Act (PDPA) is a law that was enacted in Malaysia in 2010 to regulate the processing of personal data by businesses and other organizations. PDPA Malaysia aims to protect individuals' privacy and personal data by setting out rules and guidelines for the collection, use, disclosure, and retention of personal data.

How PDPA Malaysia Affects Me

As an individual in Malaysia, the PDPA affects you in several ways. Firstly, it gives you greater control over your personal data. Under the PDPA, organizations must obtain your consent before collecting, using, or disclosing your personal data. You also have the right to access and correct your personal data held by organizations.

Secondly, the PDPA provides you with greater protection against data breaches and misuse of your personal data. Organizations are required to take reasonable steps to protect your personal data from unauthorized access, use, or disclosure. They must also notify you if there has been a data breach that could potentially harm you.

Finally, the PDPA gives you the right to complain to the relevant authorities if you believe an organization has breached the PDPA. The authorities can investigate the complaint and take action against the organization if necessary.

Seeking Help for PDPA Infringements in Malaysia

If you believe that your personal data rights have been infringed, there are several ways to address the situation:

Department of Protection of Personal Data

Level 6, Kompleks Kementerian Komunikasi & Multimedia
Lot 4G9, Persiaran Perdana, Presint 4
Pusat Pentadbiran Kerajaan Persekutuan
62100 Putrajaya

Impact of PDPA on Malaysian Businesses

The PDPA has a significant impact on businesses and other organizations in Malaysia. Under the PDPA, businesses must comply with strict rules and guidelines when collecting, using, disclosing, and retaining personal data. 

Businesses must obtain the consent of individuals before collecting their personal data, and must use it only for the purposes for which it was collected. They must also take reasonable steps to protect personal data from unauthorized access, use, or disclosure.

In addition, businesses must appoint a Data Protection Officer (DPO) to oversee their compliance with the PDPA. The DPO is responsible for ensuring that the business complies with the PDPA, and for handling complaints from individuals about the handling of their personal data.

Penalties for Business Non-Compliance With the PDPA

Businesses that fail to comply with the Personal Data Protection Act (PDPA) in Malaysia may face penalties ranging from fines to imprisonment. Here are some of the penalties that businesses may face:

  • Fines: Businesses that violate the PDPA may face fines of up to RM 500,000 or 10% of the company's annual turnover, whichever is higher.
  • Imprisonment: Individuals responsible for violating the PDPA may face imprisonment of up to two years.
  • Revocation of license: Businesses that hold a license or permit may have their license or permit revoked if they are found to violate the PDPA.
  • Legal action: Businesses may face legal action from individuals whose personal data has been mishandled, resulting in damages and costs.
  • Reputational damage: Non-compliance with the PDPA can result in negative publicity and reputational damage for businesses, impacting their relationships with customers and stakeholders.

Why Your Data Privacy is Important as a Malaysian Citizen

Data privacy is essential for Malaysian citizens to protect their personal information, prevent identity theft, promote transparency and accountability, build trust and confidence, and comply with international standards.

Here are some of the key reasons to focus on data privacy:

Protection of Personal Information

Personal information such as name, contact details, identification number, and financial information is sensitive data that should be protected from unauthorized access and misuse. Data privacy laws like the PDPA are in place to protect personal information from misuse and to provide individuals with the right to access and control their data.

Prevention of Identity Theft

Identity theft is a growing problem in Malaysia, with criminals using personal information to commit fraud and other criminal activities. Data privacy laws help to prevent identity theft by requiring businesses to implement security measures to protect personal data and to report data breaches to the relevant authorities.

Transparency and Accountability

Data privacy laws promote transparency and accountability by requiring businesses to obtain consent before collecting personal data and to provide individuals with information on how their data is being used. These laws also allow individuals to access their data and request corrections or deletions if needed.

Building Trust and Confidence in Businesses

Trust and confidence are essential for individuals when sharing their personal data with businesses. Data privacy laws help build trust and confidence by setting out clear rules and guidelines for handling personal data, and by providing individuals with the right to know and control how their data is being used.

Keeping Up With International Data Privacy Standards

Compliance with data privacy laws like the PDPA is essential for Malaysia to maintain its reputation as a responsible member of the international community. This is particularly important for businesses operating in the global marketplace, which must comply with international data protection standards.

By upholding these principles, Malaysia can ensure that individuals' privacy rights are respected and businesses can operate responsibly and ethically. 

Improving Your Digital Privacy With a VPN

One effective tool for improving digital privacy is a Virtual Private Network (VPN). A VPN is a secure and private network that allows users to connect to the internet through a remote server. 

Using a VPN, users can encrypt their internet traffic and mask their IP address, making it difficult for hackers and other cybercriminals to intercept their data. This process is essential when using public WiFi networks, which are notoriously vulnerable to cyber attacks.

In addition to improving digital privacy, a VPN can enhance online security by providing additional protection against malware and phishing attacks. Some VPN providers also offer features such as ad-blocking and tracker blocking, which can help to improve online privacy further.

Businesses can also benefit from a VPN, particularly for remote workers who may need to access company resources and data outside the office. A VPN can provide a secure and private connection for remote workers, helping to protect sensitive business information from potential cyber threats.

While a VPN is not a silver bullet for digital privacy and security, it is a valuable tool that can help to mitigate the risks of cybercrime and data breaches. By using a reputable VPN provider and following best practices for online security, individuals and businesses can significantly improve their digital privacy and protect themselves from potential threats.

Examples of Notable PDPA Malaysia Violations

Malaysia is still keeping an eye on the PDPA with a view to enhancing it.

While data privacy laws in Malaysia are quite stringent, cybersecurity incidents still often occur. There have been several incidents over the years in which Malaysians lost control over their personal data through the fault of service providers.

Here are some examples:

Malaysian Telco Data Breach – 2017

In 2017, a massive data breach at a Malaysian telecommunications company resulted in the personal data of millions of customers being leaked online. The leaked data included customer names, addresses, phone numbers, and IC numbers. The incident was believed to be one of the largest data breaches in Malaysian history. (Source: The Star)

Experian Data Breach – 2020

In 2020, credit reporting agency Experian suffered a data breach in which the personal data of millions of people in Malaysia was stolen. The stolen data included names, addresses, phone numbers, and IC numbers. The incident was believed to have affected around 24 million people in Malaysia. (Source: Reuters)

MCMC Data Breach – 2020

In 2020, the Malaysian Communications and Multimedia Commission (MCMC) suffered a data breach in which the personal data of hundreds of employees was leaked online. The leaked data included employee names, IC numbers, phone numbers, and email addresses. The incident was believed to have been caused by a phishing attack. (Source: The Star)

Astro Data Breach – 2018

In 2018, Malaysian satellite TV provider Astro suffered a data breach in which the personal data of its customers was stolen. The stolen data included customer names, addresses, phone numbers, and subscription details. The incident was believed to have affected around 60,000 customers. (Source: Reuters)

Jobstreet.com Data Breach – 2019

In 2019, the Malaysian job recruitment website Jobstreet.com suffered a data breach in which the personal data of millions of job seekers was stolen. The stolen data included job seekers' names, email addresses, and phone numbers. The incident was believed to have affected around 19 million job seekers in Malaysia. (Source: The Star)

Data Privacy is Your Protected Right under PDPA Malaysia

The Personal Data Protection Act (PDPA) is an essential law that aims to protect individuals' personal data from misuse by businesses and organizations. Businesses and individuals alike must understand the critical features of the PDPA and take measures to comply with its provisions. 

By doing so, businesses can avoid penalties and protect their reputation, while individuals can safeguard their personal information and exercise their rights under the law. As Malaysia continues to embrace the digital economy, the PDPA will be increasingly important in ensuring that data privacy is respected and protected. 

By adhering to the PDPA's principles, businesses can build trust with their customers and stakeholders. At the same time, individuals can enjoy greater peace of mind in knowing that their personal data is being handled responsibly.

Timothy Shim

Tim is a former tech journalist turned web technology junkie. He spends his time exploring the best in digital privacy and security tools. Meanwhile, experiments with SEO continue to increase his blood pressure.
