Monthly Archives: April 2017

Feedback on the proposed Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017

The Malaysian Personal Data Protection Commissioner (Commissioner) has published the Public Consultation Paper (PCP) No. 1/2017 (click to download) entitled Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017 (“Order”). The public consultation is intended to solicit feedback from data users and/or relevant parties pertaining to the whitelist places for transfer of personal data outside Malaysia. This step is in line with the requirements of subsection 129(1) of the Personal Data Protection Act 2010 [Act 709]. The Order is a ‘living document’ in which, as and when required; addition of places to the list will be done accordingly. Among the criteria considered by the Commissioner in preparing a list of those places are:

i. Places that have comprehensive data protection law(can be from a single comprehensive personal data protection legislation or otherwise a combination of several laws and regulations in that place);

ii. Places that have no comprehensive data protection law but are subjected to binding commitments(multilateral/bilateral agreements and others);

iii. Places that have no data protection law but have a code of practice or national co-regulatory mechanisms.

The Order has proposed the following places to be in the “whitelist places”:-

(a) European Economic Area (EEA) member countries
(b) United Kingdom
(c) The United States of America
(d) Canada
(e) Switzerland
(f) New Zealand
(g) Argentina
(h) Uruguay
(i) Andorra
(j) Faeroe Islands
(k) Guernsey
(l) Israel
(m) Isle of Man
(n) Jersey
(o) Australia
(p) Japan
(q) Korea
(r) China
(s) Hong Kong
(t) Taiwan
(u) Singapore
(v) The Philippines
(w) Dubai International Financial Centre (DIFC)

The deadline for sending feedback is on the 4th of May 2017 (Thursday). For more details, please click here.

 Scroll to top