Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Malaysian businesses must prepare for complaints as PDPA finally in force, says global law firm

AvantiKumar | Nov. 21, 2013
Interview: As Malaysia's Personal Data Protection Act 2010 came into force on 15 November 2013, businesses have three months to drop the dangerous 'wait-and-see' approach, says DLA Piper's Scott Thiel.

"It is therefore advisable that businesses take action as soon as possible to implement compliance initiatives, which should include identifying personal data being collected and the purpose of collecting such data; issuing personal data protection notices to customers; applying processes to comply with security, retention, accuracy and access requirements; and auditing compliance from time to time," he said. 

Thiel said companies that handle any personal data or information that "relates directly or indirectly to an individual (data subject), is material that enables a data user to identify an individual (employee, customer, visitor etc.) and can take the form of hard copy (paper) data, or soft copy (electronic) data."

"The Act introduces a broad regime that imposes responsibilities upon businesses and organisations that manage and process personal data as part of any commercial transactions," he said.

"Processing information means collecting, recording, holding or storing personal data; or the authority/control over the processing of personal data, such as through an outsourcing agreement," said Thiel.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.