Hey there, let’s talk about the Personal Data Protection (Amendment) Bill 2024!
So, the highly anticipated Personal Data Protection (Amendment) Bill 2024 has been introduced in Malaysia, bringing significant changes to the country’s existing Personal Data Protection Act (PDPA) of 2010. This update aligns with global data privacy standards and addresses the rapidly changing digital landscape. It’s crucial for businesses to understand these changes to stay compliant and avoid hefty penalties. In this article, we’ll dive into the key aspects of the amendment bill and what it means for organisations in Malaysia.
Key Changes in the Amendment Bill
1. Direct Obligations for Data Processors
One major change in the amendment bill is the direct obligations placed on data processors. Previously, only data controllers were responsible for handling and protecting personal data. Now, data processors must also adhere to the security principle, ensuring the protection of personal data. Non-compliance could lead to fines of up to MYR 1 million (USD 216,000) and/or three years of imprisonment. This increased accountability promotes a more robust data protection environment.
2. Mandatory Data Breach Notification
Under the new bill, data breach notifications are now mandatory. Data controllers must promptly inform the Commissioner of any suspected data breaches. If the breach poses a significant risk to data subjects, controllers must also notify the affected individuals without delay. This transparency and prompt reporting empower individuals to take necessary actions to protect their data.
3. Requirement to Appoint Data Protection Officers
The amendment bill mandates that both data controllers and processors appoint at least one Data Protection Officer (DPO). The DPO will ensure compliance with the PDPA, aligning data management practices with regulatory requirements. This emphasises the need for internal oversight and structured compliance frameworks within organisations.
4. Expanded Data Subject Rights
The amendment bill introduces a new data portability right, allowing data subjects to request the transfer of their personal data between data controllers. Additionally, sensitive personal data now includes biometric data, providing added protection for uniquely identifiable information.
5. Updated Rules for Cross-Border Data Transfers
The amendment bill replaces the whitelist approach with a general legal basis for cross-border data transfers, streamlining data flows while safeguarding personal information.
6. Exclusion of Deceased Individuals from the Definition of Data Subjects
Interestingly, the amendment bill excludes deceased individuals from the definition of data subjects, impacting businesses handling such data.
Increased Penalties for Non-Compliance
The amendment bill introduces higher penalties for non-compliance, emphasising the importance of adherence to data protection principles.
Additional Guidelines on the Horizon
In January 2024, the Minister of Digital announced seven supplementary guidelines to support the PDPA amendments, providing clarity and support for businesses.
Preparing for Compliance: How Formiti’s Malaysia PDPA Service Can Help
The Personal Data Protection (Amendment) Bill 2024 marks a significant shift in Malaysia’s data protection landscape. With new obligations and penalties, organisations must prioritise compliance. At Formiti, we offer comprehensive Malaysia PDPA services to help businesses navigate regulatory requirements.
For organisations in Malaysia, staying ahead of these changes is crucial. Let Formiti guide you through the evolving data protection landscape and ensure your business is prepared for the Personal Data Protection (Amendment) Bill 2024.