Personal Data Protection Act 2010 (PDPA)
The Personal Data Protection Act 2010 (“PDPA”) is an Act that came into force on 15 December 2013 to regulate the processing of personal data regarding commercial transactions. Personal data refers to data about an individual who can be identified from the data, and other information to which the organisation has or is likely to have access.
Objectives of the PDPA
The PDPA recognises both the need to protect individuals’ personal data and the need for organisations to collect, use or disclose personal data for legitimate and reasonable purposes.
A data protection framework is necessary to safeguard personal data from misuse and to maintain individuals’ trust in organisations that manage their data.
By regulating the flow of personal data among organisations, the PDPA also aims to strengthen as a trusted hub for businesses.
Penalties for Non-Compliance
The penalties for non-compliance with the PDPA regulation are rather straightforward. Here are several principles that any organization collecting data will need to adhere to. Under Section 5 of the PDPA, if these principles are violated in any form, it carries a maximum fine of RM300,000 and/or imprisonment not exceeding a term of 2 years.
Furthermore, under Section 16 of the PDPA, certain institutes such as licensed banks, insurers, private health care institutions, licensed tour operators, direct sales businesses, private higher education institutions, and certain utilities and transportation service providers are required to register their activities with PDPA. In case of any violations, offenders can face fines of up to RM500,000 and imprisonment of up to 3 years.
Lastly, as per Section 129 of the PDPA, if an organization is found to have transferred data obtained from inside Malaysia to any external location, they can be fined up to RM300,000 and/or 2 years of imprisonment to follow.
Conclusion
The conclusion of the PDPA emphasizes the importance of safeguarding individuals’ personal data, providing them with greater control over their information, and promoting responsible data-handling practices among businesses and organizations. The specifics of the conclusion can vary based on the context and provisions of the PDPA you are referring to. If you have a specific PDPA in mind, please provide more details for a more precise response.
