Data Protection in Malaysia

National data protection authority in Malaysia

Pursuant to the PDPA, a Personal Data Protection Commissioner (Commissioner) has been appointed to implement the PDPA's provisions. The Commissioner will be advised by a Personal Data Protection Advisory Committee who will be appointed by the Minister, and will consist of one Chairman, three members from the public sector, and at least seven, but no more than eleven other members. The appointment of the Personal Data Protection Advisory Committee will not exceed a term of three years; however, members can be appointed for two successive terms.

The Commissioner's decisions can be appealed through the Personal Data Protection Appeal Tribunal. The following are examples of appealable decisions:

  • Decisions relating to the registration of data controller under Part II Division 2 of the PDPA;
  • The refusal of the Commissioner to register a code of practice under Section 23(5) of the PDPA;
  • The service of an enforcement notice under Section 108 of the PDPA;
  • The refusal of the Commissioner to vary or cancel an enforcement notice under Section 109 of the PDPA; or
  • The refusal of the Commissioner to conduct or continue an investigation that is based on a complaint under Part VIII of the PDPA.

If a data controller is not satisfied with a decision of the Personal Data Protection Advisory Committee, the data controller may proceed to file a judicial review of the decision in the Malaysian High Courts.

Continue reading

  • no results

Previous topic
Back to top