Malaysia’s Personal Data Protection Act (PDPA) was enacted in 2010 and came into force in November 2013, making Malaysia the first country in the Association of Southeast Asian Nations (ASEAN) to enact comprehensive privacy legislation.
On July 31, 2024, the Personal Data Protection (Amendment) Bill 2024 (PDP Bill) was passed by the Dewan Negara (Malaysia’s Senate). It is expected to receive royal assent and thereafter come into force on a date to be appointed by the Minister of Digital by notification in the Gazette.
The PDP Bill introduces significant amendments to the PDPA, including specific definitions, new obligations on data controllers and stricter penalties for non-compliance. These amendments align the PDPA with internationally recognised standards, positioning Malaysia alongside its regional peers in Asia-Pacific, including Singapore, Indonesia, the Philippines, Thailand and Vietnam.
According to Malaysia’s Digital Minister, Gobind Singh Deo, these changes are driven by rapid technological advancements that necessitate society’s reliance on digital platforms for business, coupled with an expectation of protection. His comments come in response to a recent rise in complaints regarding the misuse and breach of personal data, an increase in personal data breaches, and a growing number of online fraud cases.
We outline below key changes brought about by the PDP Bill and its impact on businesses: