On 15 November 2013, the Personal Data Protection Act 2010 (PDPA) came into force in Malaysia with the objective of protecting the personal data of individuals with respect to commercial transactions.
Frequently Asked Questions
What is PDPA?
The Personal Data Protection Act 2010 (“PDPA”) is an Act that regulates the processing of personal data in commercial transactions.
It was gazetted in June 2010.
The penalty for non-compliance is between RM100k and RM500k and/or between 1 and 3 years' imprisonment.
How does PDPA affect your business?
This Act applies to any person who collects and processes personal data in commercial transactions. The seven principles of the Act are:
- general
- notice and choice
- disclosure
- retention
- security
- access
- data integrity
Personal data relates directly or indirectly to a data subject, who is identified or identifiable from that information, or from that and other information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject. Examples include name, identity card number, date of birth and mobile number.
Where personal data processing is outsourced to a third party, known as the data processor, it is the responsibility of the data user to ensure that the data processor provides sufficient guarantee to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.
What are the main challenges?
This Act affects the personal data life cycle management process, from the point personal data is collected through its use, storage and destruction. This Act applies to the personal data of customers, employees and third-party service providers.
A company's way of doing business will definitely be affected, as business processes must be refined to comply with the PDPA requirements. Most importantly, a central repository may be required for consent management. The process becomes more complex when cross-border personal data transfer is involved.
How Can We Help You?
At Cygnus, we are dedicated to addressing the rising concerns of cyber risk in today’s increasingly digitalized landscape. We understand the critical importance of effective risk management, and we’re here to help you safeguard your organization with a range of comprehensive solutions:
- PDPA-Compliant Private Cloud Solution: Our private cloud solution is designed to ensure compliance with the Personal Data Protection Act (PDPA). Your sensitive data will be handled with the utmost care and in adherence to regulatory requirements.
- ISO 27001-Compliant Solutions: Our offerings adhere to ISO 27001 standards, which are internationally recognized for information security management. This certification underscores our commitment to maintaining the highest levels of security for your data.
- Cyber Risk Reduction and Mitigation: We possess the expertise and tools necessary to analyze, identify, and mitigate cyber risks within your organization. Our proactive approach helps minimize potential threats and vulnerabilities.
- Cyber Insurance Assistance: We can guide you in obtaining cyber insurance coverage that suits your organization’s specific needs. Cyber insurance is an essential safeguard against the financial implications of cyber incidents.
- Compliance with Cyber Insurance Requirements: Our solutions are designed to align seamlessly with the requirements of cyber insurance policies. This ensures that you meet the necessary criteria to benefit fully from your insurance coverage in the event of a cyber incident.