MGCC Blog

As the first country in the Asean region, Malaysia has implemented a privacy-specific legislation. On 2 June 2010, the Personal Data Protection Bill 2010 (PDPB) has been officially given a Royal assent and has been gazetted on 10 June 2010. 

Previously, apart from certain sectoral secrecy obligations, information of a personal nature had only been protected as confidential information through contractual obligations or common law. 

The key objective of the new PDPB is to regulate the processing of personal data in the context of commercial transactions by data users. “Commercial transactions” are defined broadly as any transactions of a commercial nature, e. g. supply or exchange of goods or services, financing, banking and insurance. 

On the contrary, personal data processed only for the purpose of the individual’s personal affairs or for recreational purposes are exempted from the PDPB.

Moreover, the act seeks to prevent abuse of personal data of citizens for commercial purposes. Offenders are liable to be arrested a maximum of two years or fined RM 200,000 or both, if convicted.

Contributed by: Christina Adler