The Personal Data Protection (Amendment) Act 2024 introduces significant changes to Malaysia's data privacy landscape. The final and most critical phase of these amendments will take effect on June 1, 2025.

Is your organization prepared?

These updates align Malaysia's regulations more closely with global standards like GDPR and impose new, stricter obligations on how you handle personal data.

Key changes that will be effective from June 1, 2025, include:

Mandatory Appointment of a Data Protection Officer (DPO): Certain organizations will be required to appoint a DPO.

Mandatory Data Breach Notifications: A new framework requires organizations to notify the Personal Data Protection Commissioner and affected data subjects in the event of a data breach.

Right to Data Portability: Data subjects will now have the right to request their data be transferred to another data controller.

These amendments follow earlier changes that came into force in April 2025, which included imposing direct obligations on data processors and introducing "biometric data" as sensitive personal data.

Non-compliance can lead to significantly increased penalties, including fines of up to RM1,000,000 and/or imprisonment for up to three years.

Now is the time to review and enhance your data protection frameworks. Ensure your policies, procedures, and contracts are compliant to safeguard your customers' trust and your organization's reputation.

Part 1: Key Changes to Malaysia's Personal Data Protection Act (PDPA) Effective June 2025

June 4, 2025 | Written by Freddy Loo