Malaysia’s first ever comprehensive privacy law, the Personal Data Protection Act of 2010 (“PDPA“), came into force on November 15, 2013.
The Malaysia Parliament passed the PDPA in 2010. However, it was passed with no set effective date and uncertainty as to when it would come into force.
Now that the law is in force, there is a 3-month grace period for compliance with the PDPA with respect to personal data collected before Nov. 15, 2013. However, for any personal data collected on or after Nov. 15, 2013 when the law took effect, compliance with the PDPA is now required.
Among other things, the PDPA imposes notice, consent, integrity/accuracy and security obligations and retention limits, and gives data subjects access rights.