Can you summarize Personal Data Protection Act 2010 (in English)?

Short Summary

The Personal Data Protection Act 2010 regulates the processing of personal data in commercial transactions. It applies to any person who processes or has control over personal data in respect of commercial transactions. The Act sets out the Personal Data Protection Principles, which include the General Principle, Notice and Choice Principle, Disclosure Principle, Security Principle, Retention Principle, Data Integrity Principle, and Access Principle. Data users are required to register and comply with the Act’s provisions. The Act also establishes the Personal Data Protection Fund, Personal Data Protection Advisory Committee, and Appeal Tribunal. Non-compliance with the Act may result in penalties such as fines or imprisonment.

Whom does it apply to?

This Act applies to any person who processes or has control over or authorizes the processing of personal data in respect of commercial transactions.

What does it govern?

The Personal Data Protection Act 2010 governs the processing of personal data in commercial transactions.

What are exemptions?

This Act does not apply to the Federal Government and State Governments, and it does not apply to personal data processed outside Malaysia unless that data is intended to be further processed in Malaysia.

What are the Penalties?

A data user who contravenes the Personal Data Protection Principles under this Act may be liable to a fine not exceeding three hundred thousand ringgit or imprisonment for a term not exceeding two years, or both.

Jurisdiction

Malaysia

Source

Personal Data Protection Act 2010 (in English) [https://reggi.cloud.regology.com/regulations/MY-L/MY-L_OS_PDP]

• Privacy