We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Top five things you need to know about registration requirements under Malaysia’s new data privacy law

20 January 2014

The Malaysian Personal Data Protection Act came in to force on 15 November 2013.  Businesses were given a 3 month transitory period to register with the Commissioner - this deadline is fast approaching. We have picked out the top five things you need to know about registration with the Malaysian Commission:

  • all 'data users' must submit registrations to the Malaysian Commissioner by 15th February 2014
  • 'data users' includes not only organisations within Malaysia, but also any organisations outside of Malaysia that process its citizens personal data using equipment in Malaysia
  • the registration form is very similar to the UK ICO registration form, requesting details such as: (i) the purpose for processing personal data; (ii) the types of personal data processed); (iii) the organisations to which the data user may disclosure personal data; (iv) transfers abroad; and (v) the identity of the data protection officer
  • the registration will also have to be accompanied by certified copies of certain of the data users' company incorporation documents, eg memorandum of association, articles of association and a fee of ranging between EUR 60 and 70 (depending on the type of business)
  • sanctions for non-compliance with PDPA will result in fines of up to 500,000 ringgit (EUR 110,000) and/or up to three years imprisonment. 

Robert Bond is a member of the Malaysian Data Protection Advisory Board; we are therefore well placed to advise on the registration process.

Please email Robert for an English language version of Form 15(1): 'Registration of Data Users'.