
Personal Data Protection (Amendment) Bill 2024

by MH Law | July 16, 2024 | Legal Update

 

Overview


The Personal Data Protection (Amendment) Bill 2024 aims to align Malaysia's data protection laws with international standards. Approved by Parliament on July 16 and 31, 2024, it will become law upon Royal Assent and gazette publication. The amendments introduce stricter compliance requirements and penalties.


 

Salient Amendments


Increased Penalties

  • Non-compliance with personal data protection principles can result in fines up to MYR 1 million (USD 216,000) and/or three years' imprisonment, significantly higher than current penalties.


Direct Accountability for Data Processors

  • Data processors are now obligated to implement security measures and adhere to the PDPA, facing penalties for violations.


Mandatory Data Breach Notification

  • Data controllers must report breaches to the Commissioner and affected individuals promptly, with fines up to MYR 250,000 (USD 54,000) and/or two years' imprisonment for non-compliance.


Appointment of Data Protection Officers

  • Every data controller and processor must designate a data protection officer to oversee compliance.


Data Portability Rights

  • Data subjects can request the transfer of personal data to another controller, subject to technical compatibility.


Biometric Data as Sensitive Data

  • Biometric information is now classified as sensitive personal data, requiring explicit consent for processing.


Revised Cross-Border Data Transfers

  • Transfers are allowed only if the destination country enforces equivalent data protection laws or provides similar safeguards.


Exclusion of Deceased Individuals

  • The term "data subject" will no longer apply to deceased individuals, excluding them from PDPA protections.


 

Key Takeaways


The amendments enhance accountability and introduce new rights, such as data portability, while broadening the scope of sensitive data. Businesses must prepare for stricter compliance, particularly in cross-border data transfers and breach notifications.


Complementary guidelines, including data protection impact assessments and automated decision-making protocols, are under development to support these changes. Organizations should remain vigilant and update policies to ensure compliance with the evolving regulatory landscape.




Have a question? Please contact us at info@munhoelaw.com
