Malaysia’s minor data privacy modernisation

Graham Greenleaf analyses the impact of the amendments that were recently adopted to Malaysia’s private sector privacy law.

Malaysia’s Personal Data Protection Act (PDPA) of 2010 was one of the first data privacy laws enacted in Asia but it was not brought into force until December 2013. It has remained one of Asia’s most limited laws, applying only to the private sector (and not all parts of it), with few means of enforcement, and a very limited range of controller obligations and data subject rights.(1) Since enactment it has remained unamended, unenforced and largely ignored.

In July 2024 the Personal Data Protection (Amendment) Act(2) was enacted by both houses of Malaysia’s Parliament, and will come into effect on a date yet to be fixed. A new Data Protection Commissioner, Dr Mohd Nari bin Kama, was appointed in June 2023.

Continue Reading

International Report subscribers, please login to access the full article

LOGIN

If you wish to subscribe, please see our subscription information.

Subscribe