The Personal Data Protection Act 2010 (Act 709) enacted in 2010 serves the purpose of regulating the processing of personal data in commercial transactions. After almost 10 years of operation, there is a need to continue to strengthen the enforcement and implementation of Act 709, taking into account the emerging issues regarding the protection of personal data that affect both data users and data subjects from economic, social and technological aspects. In recent years, there has been an increase in data breach cases involving various types of data users from different sectors leading to challenges in implementing and enforcing personal data protection laws. Therefore, a study to review Act 709 was conducted in 2019 with the aim of focusing on the effective implementation of Act 709 compared to other data protection laws internationally and to explore areas for improvement. The study saw the involvement of experts from industry, regulators, government agencies and academics in a series of workshops to generate and discuss ideas for improvements to strengthen Act 709.