LISTEN NOW: Evolution of Data Controls in the Era of Generative AI

View

Malaysia’s Personal Data Protection Act (PDPA)

Operationalize PDPA Compliance with the most comprehensive PrivacyOps platform

Last Updated on noviembre 16, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

Ver una demostración
Schedule your demo today

The Parliament of Malaysia passed Malaysia’s Personal Data Protection Act (PDPA) on 2 June 2010. The PDPA sets out a complete cross-sectoral framework to protect the personal data of individuals with respect to commercial transactions. The PDPA applies to any person or data controller (organization) who processes or has control over a data subject’s personal data. The PDPA aims to avoid any misuse of individuals’ personal data.

Malaysia’s Personal Data Protection Act was implemented on November 15, 2013.

In July 2024, the Malaysian Parliament passed the long-awaited Amendment (the 2024 Amendment) to the PDPA, which introduced changes to the existing provisions of the PDPA and added some additional obligations.

 

The solution

Securiti empowers organizations worldwide to ensure smooth compliance with Malaysia’s PDPA with its AI-driven data discovery, DSR automation, universal consent management, autonomous documented accountability, data breach management, and vendor risk assessment functionality.

Malaysia PDPA Compliance Solution

Securiti enables organizations to comply with Malaysia’s PDPA through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with Malaysia’s PDPA through automation, enhanced data visibility, and identity linking.


 

PDPA dsr handling

Automate data subject request handling

Section: 44(1)

As stated in Malaysia's PDPA, data subjects have multiple rights. They must be informed of the use of their personal data and can access the data held by an organization. To act per the PDPA, organizations must streamline the initiation of verified DSR requests.

Secure Fulfillment of Data Access Requests

Section: 5, 12, 30,31, 32, 33

Conveniently disclose the required information to the data subjects free of charge via the secure, centralized portal. Automating the delivery and generation of secure data access reports minimizes the risk of any compliance violations.

 

PDPA data access request
PDPA data rectify request

Automate the processing of rectification requests

Section: 5, 11, 12, 34, 35, 36, 37

Seamlessly fulfill all data rectification requests with automated data subject verification and rectification workflows across all appearances of a subject’s personal data.

Automate object and restriction of processing requests

Section: 42, 43

Using collaborative workflows, create a customized framework for objection and restriction of data processing handling, following your business requirements.

 

PDPA Data Processing Request
PDPA data erasure request

Automate the Data Portability Requests

Section: 43 A

Seamlessly fulfill all data portability requests by automating the discovery and mapping of personal data across systems.

Automate Erasure/Destroy/Anonymize Requests

Section: 10

Conveniently manage erasure/destroy/anonymize requests through flexible and automated workflows.

PDPA Universal Consent Management Dashboard
PDPA dsr workbench

Monitor and Track Consent

Section: 6(1),7, 8, 38, 40(1)

Routinely monitor and track data subjects' consent to prevent the illegal transfer or processing of data without the user’s consent. Continuously validate consent compliance with regulators and data subjects for swift action.

Continuous Monitoring and Tracking

Section: 5, 6, 44(1)

Keep a birds-eye view of potential risks against non-compliance to data subjects’ rights and other organizational obligations by routinely monitoring and scanning personal consumer data.

 

PDPA Readiness Assessment
PDPA Automated Data Mapping Request

Map data flows and generate reports

Section: 44(1), 129

Conveniently trace, manage, and monitor data flows from a single interface. Generate reports to gain comprehensive visibility of all data points, any cross-border data transfers, vendor contracts, and compliance documents.

Automate breach response notifications

Section: 12 (b)

Automate compliance actions and breach notifications to concerned stakeholders regarding any data breach incidents by leveraging a knowledge database on security incident diagnosis and response.

PDPA breach response notification
PDPA Vendor Risk Management

Manage vendor risk

Section: 9(2)

Keep a close track of privacy and security readiness for all your service providers and processors via a single interface. Collaborate directly with vendors, automate data requests and deletions, and manage all vendor contracts and compliance documents.

Meet Cookie Compliance

Section: 6(1),7, 8, 38

Automatically scan your organization's web properties, categorizing tags and cookies. Build customizable cookie banners, collect consent, and provide a preference center.

Malaysia Cookie Consent Compliance
Malaysia PDPA Privacy Policy Management

Privacy policy and notice management

Section: 7

Dynamically update privacy policies and notices to comply with the PDPA. Automate the process of publishing your privacy notices with pre-built templates. Enable centralized management by tracking and monitoring privacy notices to maintain compliance.

Data Subject Rights Under Malaysia’s Personal Data Protection Act (PDPA)

Right to be informed: Data controllers must inform data subjects by written notice of any matters relating to the processing information of the data subject.

Right to access: Data subjects have the right to access their data and correct it if found inaccurate, incomplete, misleading, or outdated. Data controllers must acknowledge receipt of a data access request.

 

Right to correction: Data subjects have the right to rectification of their personal data if it is found inaccurate, incomplete, misleading, or outdated. Data controllers must acknowledge receipt of a data correction request.

Right to opt-out: A data subject can withdraw consent for the processing of his/her personal data at any time by way of written notice.

 

Right to prevent processing: With written notice, a data subject can withdraw consent for the processing of his/her personal data if it might cause them any damage or distress.

 

Right to data portability: A data subject can request data controllers to transfer their personal data to another data controller of their choice.

 

Quick Facts about PDPA

1

The Personal Data Protection Commissioner is the acting and responsible regulatory authority in Malaysia for implementing and executing PDPA.

2

The purpose of PDPA is to strengthen consumer confidence in business transactions and e-commerce by seeking user consent to sell their personal data.

3

Certain classes of data controllers are required to register under the PDPA. Data controllers are also required to display their certificate of registration at a conspicuous place at their principal place of business and a copy of the certificate at each branch, where applicable.

The PDPA has seven data protection principles, including the General Principle, Notice and Choice Principle, Disclosure Principle, Security Principle, Retention Principle, Data Integrity Principle, and Access Principle. Under the 2024 Amendments to the PDPA, the maximum penalty for non-compliance with the principles of the PDPA is MYR 1 million (approx. $212,530) and 3 years imprisonment. 

4

The PDPA does not apply to any personal data processed outside Malaysia unless the data is intended to be further processed in Malaysia.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New