Skip to content


15 November 2013

New Malaysian Data Protection Law

This article was written prior to the formation of Charles Russell Speechlys, through the merger between Charles Russell and Speechly Bircham.

The much anticipated Malaysian Personal Data Protection Act (PDPA) finally came in to force today. Businesses have a 3-month transitory period to roll out appropriate policies and procedures in order to achieve compliance with the PDPA. PDPA will introduce registration obligations and seven data privacy principles which are very similar to those under the EU framework.  Sanctions for non-compliance with PDPA will result in fines of up to 300,000 ringgit (EUR 75,000) and/or up to three years imprisonment.  Robert Bond is a member of the Malaysian Data Protection Advisory Board; we are therefore well placed to advise on the compliance process.