Personal Data Protection Act 2010 Now in Force
09 December 2013
The official Gazette formalizing the date of coming into force has finally been published and the Personal Data Protection Act 2010 (PDPA), which was passed by the Malaysian Parliament in 2010, shall be in force from November 15, 2013, according to a Client Alert published by Wong & Partners, the Baker & McKenzie affiliate firm in Kuala Lumpur.
The firm says that data users will have a three-month transitional period to comply with its provisions in respect of existing personal data being processed, but will have to immediately comply with its provisions in respect of new personal data collected.
Seven data protection principles form the basis of protection under the PDPA, which are designed to provide protection to the individual’s personal data, thereby safeguarding the interests of consumers, and e-commerce, network and non-network facility practitioners, the alert said.
“The penalties for breaching the PDPA include the imposition of fines of up to RM500,000 (US$155,800) and/or a term of imprisonment not exceeding two years,” lawyers at the firm said. “Directors, CEOs, COOs, managers or other similar officers have joint and several liability for non-compliance by the body corporate, subject to the due diligence defence. The Commissioner is not empowered to order compensation for damage suffered, and there is no express right to pursue a civil claim for non-compliance.”
