Malaysia Personal data protection commissioner

Feedback to the proposed Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017

The Malaysian Personal Data Protection Commissioner (Commissioner) has published the Public Consultation Paper (PCP) No. 1/2017 (click to download) entitled Personal Data Protection (Transfer Of Personal Data To Places Outside Malaysia) Order 2017 (“Order”). The public consultation is intended to solicit feedback from data users and/or relevant parties pertaining to the whitelist places for transfer of personal data outside Malaysia. This step is in line with the requirements of subsection 129(1) of the Personal Data Protection Act 2010 [Act 709]. The Order is a ‘living document’ in which, as and when required; addition of places to the list will be done accordingly. Among the criteria considered by the Commissioner in preparing a list of those places are:

i. Places that have comprehensive data protection law(can be from a single comprehensive personal data protection legislation or otherwise a combination of several laws and regulations in that place);

ii. Places that have no comprehensive data protection law but are subjected to binding commitments(multilateral/bilateral agreements and others);

iii. Places that have no data protection law but have a code of practice or national co-regulatory mechanisms.

The Order has proposed the following places to be in the “whitelist places”:-

(a) European Economic Area (EEA) member countries
(b) United Kingdom
(c) The United States of America
(d) Canada
(e) Switzerland
(f) New Zealand
(g) Argentina
(h) Uruguay
(i) Andorra
(j) Faeroe Islands
(k) Guernsey
(l) Israel
(m) Isle of Man
(n) Jersey
(o) Australia
(p) Japan
(q) Korea
(r) China
(s) Hong Kong
(t) Taiwan
(u) Singapore
(v) The Philippines
(w) Dubai International Financial Centre (DIFC)

The deadline for sending feedback is on the 4th of May 2017 (Thursday). For more details, please click here.

Personal Data Protection Commissioner publishes the Personal Data Protection Standard 2015

On 23 December 2015, the Personal Data Protection Commissioner (“Commissioner”) published the Personal Data Protection Standard 2015 after consulting members of the public. The Standard sets out the minimum standards to process personal data and it is applicable to anyone who processes or has control or authorises the processing of any personal data relating to commercial transactions. Broadly, it sets out the security standards (electronic and non-electronic processing), retention standards and integrity standards.

For more information, please refer to the Personal Data Protection Standard 2015 (in Malay language only). The English language will be released by the Commissioner in due course.

[Edited: 6/1/2018] The Personal Data Protection Standards 2015 can be downloaded here.

List of Data User Forums in Malaysia

The Personal Data Protection Commissioner has appointed the following associations as data user forum for the following sectors:-

1. Institut Akauntan Malaysia for the accounting and audit sectors;
2. Persatuan Jualan Langsung Malaysia for the direct selling sector;
3. Persatuan Bank-bank Dalam Malaysia for the banking and financial sectors;
4. Institut Jurutera Malaysia for the engineering services sector;
5. Institut Insurans Hayat Malaysia for the insurance sector;
6. Pertubuhan Akitek Malaysia for the architecture sector;
7. Maxis Berhad for the telecommunications sector;
8. Persatuan Hotel Malaysia for the travel and hospitality sector.
9. Majlis Peguam, Persatuan Undang-Undang Sabah and Persatuan Peguambela Sarawak for the legal sector.

Last updated: 1 April 2015

Source: Personal Data Protection Department Registration Unit.

Proposal Papers – Guideline on Compliance for Personal Data Protection Act and Guide on the Management of Employee Data Under Personal Data Protection Act (PDPA) 2010

The Malaysia Personal Data Protection Commissioner (Commissioner) has published two (2) proposal papers namely:-

(1) Guideline on Compliance for Personal Data Protection Act [No 2/2013]; and

(2) Guide on the Management of Employee Data Under Personal Data Protection Act (PDPA) 2010 [No 3/2013].

The Proposal Paper No 2/2014 sets out the proposed steps to be taken to comply with the Personal Data Protection Act 2010 (PDPA) whereas the Proposal Paper No 3/2014 confirms that employer-employee relationship is governed by the PDPA. Any comments on the Proposal Paper may be submitted to the Commissioner before the prescribed deadline. Copies of the proposal papers are enclosed.

Further, the Commissioner has also uploaded a complaint form on the Commissioner’s website. Data subjects may now file complaints to the Commissioner directly.

Guide to complete the Form 15 (Registration of Data User) pursuant to the Personal Data Protection Act 2010

Commencing from January 2016, all data user registrations are done via online at http://daftar.pdp.gov.my

This is a guide I wrote for lawyers on how to complete the Data User Registration Form (Form 15)


Guide to complete the Form 15 (Registration of Data User) pursuant to the Personal Data Protection Act 2010

As stated by the Bar Council’s Circular No 023/2014 – Personal Data Protection Act 2010: Partnerships to Register with Commissioner by 15 Feb 2014, law firm partnerships are required to file the Form 15 (available at www.pdp.gov.my) before 15 February 2014. Lawyers practicing as sole proprietors are exempted from registration but still must comply with the Personal Data Protection Act 2010.

Specific details on the data user registration are available in the said Circular.

To assist fellow members of the Bar, the KL Bar Information Technology and Publications Committee has prepared an informal guide to complete the Form 15. This guide is based on the Malay version of the Form 15.

Column 7: Tick Partnership
Column 8 : Tick Services
Section B: Tujuan 1: Legal Services (if you have others, please insert in Tujuan 2)
Section C: Jenis Data Peribadi: Name, identity card and passport number, address, email address (please insert more if you have others)
Section D: Name of your Auditor / Accountant (please insert more if you have others) .
Section E: None (unless you disclose the data to other countries)
Section F: Insert information of the person in charge of the data user registration application. It can be anyone authorised by your firm.

Upon completing the Form 15, you may file it with the Personal Data Protection Commissioner at:-

Kaunter Pendaftaran
Bahagian Pendaftaran dan Operasi
Jabatan Perlindungan Data Peribadi
Aras 6, Kompleks KKMM, Lot 4G9
Persiaran Perdana, Presint 4
Pusat Pentadbiran Kerajaan Persekutuan
62100 Putrajaya

Upon filing, you will be issued a document entitled “Kad Akuan Terima”. Payment can be made once your application is approved. All applications will be processed for registration after the 15 February 2014 deadline.

Foong Cheng Leong
Chairperson
KL Bar Information Technology and Publications Committee

 Scroll to top