Personal Data Protection Act (PDPA)
The Personal Data Protection Act (PDPA) is an Act that regulates the processing of personal data with regard to commercial transactions. It was published in June 2010. On November 15, 2013, the Personal Data Protection Act 2010 (PDPA) came into force in Malaysia with the objective of protecting the personal data of individuals with respect to commercial transactions.
This Act applies to any person who collects and processes personal data with regard to commercial transactions. The PDPA stipulates that users need to be protected, to prevent any form of abuse against the storage or processing of personal data of individuals, public and private sectors in Malaysia for commercial transactions. The PDPA affects the personal data life cycle management process from the point personal data is collected, used and stored until the point it is destroyed.
A data protection officer (DPO) is to be appointed within the organization to oversee the data protection responsibilities and ensure compliance with the PDPA.
Anyone who breaches any of the above principles will be liable to a fine not exceeding three hundred thousand ringgit (MYR300,000) and/or a jail term not exceeding two years.
WHY COMPLY WITH PDPA MALAYSIA
The Act primarily aims to regulate the collection, holding, processing and use of personal data in commercial transactions and also to prevent malicious use of personal information. This piece of legislation plays a crucial role in safeguarding the interests of individuals and makes it illegal for anyone, be it corporate entities or individuals, to sell personal information or allow such use of the data by third parties.
This law deals entirely with commercial transactions and guarantees the privacy of personal data.
PDPA MALAYSIA PRINCIPLES
PERSONAL DATA PROTECTION PRINCIPLES
DATA PROTECTION PRINCIPLES OUTLINED IN MALAYSIA PERSONAL DATA PROTECTION ACT 2010
Consent of the Data Subject is required to process personal data. For sensitive personal data, explicit consent is needed.
Data Subjects must have access to their personal data and be able to correct it if inaccurate.
No disclosure of personal data without the consent of Data Subjects.
Data Users must take practical steps to protect personal data (IT systems and internal processes).
Personal data should not be kept longer than necessary and must be destroyed after the purpose is met.
Data Integrity Principle
Data Users must ensure that the data processed is accurate, complete and up to date, having regard to the purpose of collection.
Notice and Choice Principle
The Data User is to give the Data Subject notice of the processing, a description of the personal data, the purpose, the source of the information, the right to request access, the third parties to whom the Data User discloses the data, how to limit processing, and whether it is obligatory or voluntary to supply personal data.
PDPA MALAYSIA COMPLIANCE PROCESS
PREPARE A PRIVACY NOTICE
ENSURE THAT PERSONAL DATA IS ONLY DISCLOSED FOR RIGHTFUL PURPOSE
PREPARE A PERSONAL DATA POLICY
ENSURE STAFF AWARENESS IN DATA PROTECTION
PREPARE A RETENTION POLICY
REVIEW THAT PERSONAL DATA IS NOT COLLECTED EXCESSIVELY
ESTABLISH A DATA ACCESS PROCEDURE AND SECURE STORAGE
ENSURE LAWFUL TRANSFERRING OF PERSONAL DATA OVERSEAS
Govern regulatory policies in a centralized location. Define and document policies, controls, governance processes, Critical Data Elements, Data Categories, Data Subcategories, DQ dimensions and DQ rules.
of Restricted Data
Map data to critical data elements, ensuring that restricted data is effectively validated by customizing the workflows and is used for ongoing GDPR compliance as the law evolves.
to Maintenance Issues
Manage governance stewardship to rectify erroneous data and quickly address issues with targeted maintenance alerts.
Managing all governance activities under a single tool reduces manpower as well as cost.
Risk by Monitoring Risk Reports
Track and analyze data risk effectively by monitoring the reports to mitigate business impact and policy violations.
DATA INSIGHTS PLATFORM (DIP) SOLUTION FOR REGULATORY COMPLIANCE
Data Insights Platform (DIP) is a Data Governance framework designed specifically for regulatory compliance, with pre-configured content like policies, controls, data categories, sub-categories, Critical Data Elements, workflows, reports, dashboards, and more.
Data Insights Platform (DIP) offers a centralized location where you can document, govern and collaborate around privacy and security policies to ensure they are effectively managed across the enterprise. It also allows organizations to establish a data mapping system to record processing activities and perform data quality assessments.
Data Insights Platform (DIP) provides a sustainable approach to regulatory policies by managing compliance through risk evaluations and assessments, then taking remediation actions as issues arise. Manage approvals, identify risk controls and tailor workflows to match specific business needs. Monitor compliance progress through easy-to-understand dashboards and reports that show the details of regulatory violations.
AMURTA’s Data Insights Platform is an enterprise-level solution that enhances productivity and performance by turning raw data into actionable insights. The platform puts people and processes in place and automates data governance and data management to deliver trusted data to business users, who can quickly chart out the reality of the data, its lineage, and its usage across policies, processes, projects, and regulations.