Malaysia General Code of Practice of Personal Data Protection imposes new requirements on data users

30 March 2023

On 15 December 2022, the latest General Code of Practice of Personal Data Protection (“Code”) issued by the Personal Data Protection Commissioner (“Commissioner”) came into effect, providing further guidance on the processing of personal data in Malaysia. Since the Personal Data Protection Act 2010 (“PDPA”) came into force on 15 November 2013, the Commissioner has registered various codes of practice governing the processing of personal data in specific sectors, such as the banking and finance sector as well as the telecommunications sector.

The Code applies to classes of data users (that is, persons who process personal data for their own purposes) who are not currently subject to any other codes of practice registered under the PDPA. Sectors which will be subject to the Code include, among others:

• Retail and wholesale dealings as defined under the Control Supplies Act 1961
• Education
• Professional services (accounting, architecture, audit, engineering, legal, etc.)
• Direct selling
• Tourism and hospitalities
• Real estate

Non-compliance with the Code could result in an offence carrying a financial penalty of up to RM100,000, and/or imprisonment of up to one year, and any person responsible for the management of a corporate offender may also be personally liable.

This article by our associate firm in Malaysia, Rahmat Lim & Partners, provides an overview of the new requirements. To read the full article from the Rahmat Lim & Partners website www.rahmatlim.com, please click here.