Saturday, November 13, 2010

The overall review of PDPA

The Personal Data Protection Act, 2009 (“PDPA”) was passed by the Dewan Negara on 4 May 2010. The authorities are now aiming to raise public awareness of the concepts of data protection compliance and data security. PDPA applies to local and foreign companies operating in Malaysia that process any personal data in their commercial transactions relating to the supply or exchange of goods or services.
PDPA gives individuals in Malaysia the right to know what personal data is held about them and sets out rules to make sure that this personal data is handled properly by the organizations holding the data.
Personal data is information about a living individual who is identified through a name in combination with a home address, office address, and telephone number. A description of a person without a name is also personal data if it can be used to identify the person, such as designation, email address, age or address.
Organizations, companies or individuals are required to register under the PDPA as data users if they collect and hold personal information about individuals in respect of commercial transactions, whether contractual or not, in any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance.
For all MBA students (mainly those who want to work in a country like Malaysia, where the privacy of data subjects is protected by similar legislation), it is necessary to learn the concepts of data protection compliance and how they will help them guide their organizations toward compliance readiness.
PDPA applies to local and foreign companies operating in Malaysia that process any personal data in their commercial transactions relating to the supply or exchange of goods or services, such as insurance companies, cooperatives, private colleges and universities, banks and financial institutions, accountants, engineers, surveyors, lawyers, private hospitals and clinics, and any businesses and companies that store personal data.
The rights of data subjects under the PDPA are provided in Part two, Division 4, sections 30-44. In short, those rights can be listed as follows:
  • Right to access
  • Right to correct data
  • Right to withdraw consent for data processing
  • Right on sensitive data
  • Right to prevent distress/damage
  • Right to prevent direct marketing
There are still some prominent issues that can confront individuals and that should be taken into consideration, such as workplace monitoring, junk mail/spam, data theft, and pictures taken at public places.
To achieve better implementation of PDPA 2010, organizations should see and manage it from the perspective of individuals, not merely that of the organization, because in organizations, their people (employers, employees, business partners) are all data subjects too.

1 comment:

  1. Hi Shiva, good to know that you are into Data Protection Law. I have been working on the subject for the past 7 - 8 years now. Yes, it's been that long a time. Anyways, keep in touch, add me up if you have FB - just google "Anand Segran" (so much for privacy). Take care.
