In February 2020, the Personal Data Protection Commissioner issued a public consultation paper titled "Public Consultation Paper No. 01/2020 on Review of the PDPA" ("Public Consultation Paper") in relation to the proposed amendments to the Personal Data Protection Act 2010 ("PDPA").
Following the issuance of the Public Consultation Paper, the Personal Data Protection Department ("JPDP") provided updates on the proposed amendments to the PDPA on 4 July 2022, where representatives of JPDP have stated that they have further shortlisted proposed amendments to the PDPA and have submitted the same to the Attorney General's Chambers of Malaysia for further review.
Some key shortlisted amendments to the PDPA are as follows:
- imposition of a requirement for all data users to appoint at least one Data Protection Officer;
- introduction of a mandatory data breach notification requirement;
- extension of the scope of application of the PDPA (which currently only applies to data users) to data processors;
- introduction of a right of data portability, which is the right of data subjects to obtain and reuse their data for other purposes across different services; and
- introduction of a "black-list" regime whereby data users will generally be allowed to transfer personal data to other countries subject to compliance with certain minimum criteria stated in the amended PDPA or its regulations, save for jurisdictions that have been specifically black-listed by the Minister of Communications and Multimedia.
In addition to the above, JPDP has indicated that several minor amendments had been approved by the relevant Ministers, and will likely be tabled in Parliament together with the said principal amendments in October 2022.
For more information, click here to read our Legal Update.