PDP Act enforcement soon – Are we prepared?

By Sonny Zulhuda

Recent report about the PDP Act 2010 (Act 709) soon to be enforced would naturally receive mixed reaction. Some quarters would be anticipating that news, while others could have heard it like a gong in the middle of the night.

I am glad that I have a privilege to engage with many people from different industries in the past five years, with whom I have shared my views, research and “strategies” on the new law in workshops, trainings and seminars. From the events that I attended or conducted, I find some sectors are more prepared than others in anticipating the coming or implementation of the Malaysian Personal Data Protection Act 2010.

In getting these industries actively moving or preparing, there are few factors that I think are relevant:

  1. Due to existing regulatory framework
  2. Due to their international pressure
  3. Due to individual experiences

Under the first category would appear to be those under certain professional associations, banks and financial institutions. The existing regulatory and supervisory framework under the Central Bank had made the issue of protecting personal data, especially that of the banks’ customers, critical. In one instance, as a result of regular audit on the banking system, one of the local banks was tasked to improve their handling of personal data of their customers. One of the measures taken by that bank was to train their key officers on the issues of personal data protection law. And that is how I came to them and share my views.

Under the second, this is applicable to those industries that involve international market, or otherwise those local companies who are the extension of foreign establishments. Other than foreign banks and insurance companies, we can see petroleum companies,  airliners, outsourcing companies as well as trading entities came forward to learn about the PDP Act 2010.

As for the third factor, this encompasses many industries or sectors – and even individuals who has personal experience or interests that led them come to learn about the data protection do’s and don’ts.

In summary, Malaysians are not that ignorant. In the past two years, some efforts had been taken by certain people, companies and quarters to learn, understand and be more practically equipped on their duties and obligations under the Personal Data Protection Act 2010.

What I always share with them in my trainings or seminars is these words:


Wish you all the best!

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s