#PDPA

The Personal Data Protection (Amendment) Act 2024 (PDPA 2024) in Malaysia, which was published in the Gazette on 17 October 2024, marks significant changes to Malaysia’s data protection framework. The significant amendments include mandatory data protection officer (DPO) appointment by controllers and processors, mandatory data breach notifications, data portability rights and requirements under the security principle. The PDPA 2024 also amends the rules relating to data transfers and increases penalties for non-compliance. These amendments to the current Personal Data Protection Act 2010 (PDPA 2010) aims to modernize the law, aligning more closely with internationally recognized standards, positioning Malaysia alongside its regional peers in Asia-Pacific, addressing the evolving challenges of data protection in the digital age. The PDPA 2024 will be implemented in stages starting 01 January 2025, with different sections coming into effect on 01 April and 01 June 2025, addressing inclusion of biometric data as sensitive personal data, security compliance, and international data transfer rules.