INTRODUCTION

In general, the Personal Data Protection Act 2010 [Act 709] applies to any individual, company, or organization that processes and has control over the processing of personal data in commercial transactions in Malaysia.

Individuals, companies, or organizations that process and control the processing of personal data in commercial transactions are known as Data Controllers.

As a Data Controller, you are required to comply with all regulations set forth in this Act, particularly related to the following matters:

  1. The 7 Principles of Personal Data Protection (link to page on 7 principles)
  2. Personal Data Protection Standard (link to standard page)
  3. Registration as a Data Controller (link to application page)
  4. Registration of Personal Data Protection Officer (link to this page: https://www.pdp.gov.my/ppdpv1/garis-panduan-dan-pekeliling-perlindungan-data-peribadi-pelantikan-pegawai-perlindungan-data-dpo-dan-pemberitahuan-pelanggaran-data/)
  5. Data Breach Notification (link to page: https://www.pdp.gov.my/ppdpv1/garis-panduan-dan-pekeliling-pemberitahuan-pelanggaran-data-dbn/ )