You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Deutsch
|
English
Rödl & Partner opens new office in Waterloo, Canada |
Worldwide
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Germany
Ansbach
Bayreuth
Berlin
Bielefeld
Chemnitz
Cologne
Dortmund
Dresden
Eschborn
Fuerth
Hamburg
Hanover
Herford
Hof
Jena
Mettlach
Munich
Nuremberg
Plauen
Regensburg
Selb
Stuttgart
Ulm
Worldwide
Algeria
Angola
Argentina
Australia
Austria
Azerbaijan
Bahrain
Belarus
Belgium
Bosnia and Herzegovina
Botswana
Brazil
Bulgaria
Cambodia
Canada
Chile
China
Colombia
Costa Rica
Croatia
Cyprus
Czech Republic
Denmark
Ecuador
Egypt
Estonia
Ethiopia
Finland
France
Georgia
Germany
Ghana
Greece
Hong Kong (S.A.R.)
Hungary
India
Indonesia
Ireland
Italy
Japan
Kazakhstan
Kenya
Kuwait
Latvia
Libya
Liechtenstein
Lithuania
Luxembourg
Malaysia
Malta
Mauritius
Mexico
Moldova
Mongolia
Morocco
Mozambique
Myanmar
Namibia
Netherlands
New Zealand
Nigeria
North Macedonia
Norway
Oman
Pakistan
Paraguay
Peru
Philippines
Poland
Portugal
Qatar
Romania
Saudi Arabia
Serbia
Singapore
Slovakia
Slovenia
South Africa
South Korea
Spain
Sweden
Switzerland
Taiwan
Tajikistan
Tanzania
Thailand
Tunisia
Turkey
Uganda
Ukraine
United Arab Emirates
United Kingdom
Uruguay
USA
Uzbekistan
Vietnam
Zambia
Own offices of Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(Colours appear during mouseover)
We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our
data privacy statement
.
Insights
Services
Expertise from a single source
Our service lines
Legal advisory
Tax consulting
Audit services
Management and IT consulting
Business Process Outsourcing
Interdisciplinary services
MERGERS & ACQUISITIONS
Succession advisory
Mergers & Acquisitions
Stay informed
Completed deals
Who we advise
Media
Newsletters
Virtual reality tours
Virtual reality tours
Publications
Good to know
Newsletters
Brochures
Investment guides
Books
Download centre
Releases
Completed deals
Media contacts
Facts and figures
About us
Entrepreneurial spirit and values
Factbook
Facts and figures
Sustainability
Entrepreneurial spirit and values
Factbook
Managing Partners
Founder Dr. Bernd Rödl
Locations worldwide
Social responsibility
Project Fundus
Rödl Employee Fund for Children’s Aid
Partner cities: Kharkiv-Nuremberg
Family and career
Awards
Compliance & Incident Reporting System
Digital Agenda
Careers
Insights
Part 4: Personal Data Protection (Amendment) Act 2024 - Update on Malaysia´s Data Protection Guidelines
ASEAN
ASEAN Forum
Digital Agenda
E-Invoicing
Indonesia Strategy Forum
Insights
Currently selected
Recent
Alle Kolumnen
Altersvorsorge
Antitrust Law
AOA
Artikelserie im OMV Fokus
ASEAN
Assurance & IT in der Gesundheits- und Sozialwirtschaft
Aufsichtsrecht
Außenwirtschaft und Zoll
BilRUG und weitere Reformen
International Expert Roundtable
Part 4: Personal Data Protection (Amendment) Act 2024 - Update on Malaysia´s Data Protection Guidelines
Page Content
Following the implementation of the Personal Data Protection (Amendment) Act 2024 (“PDPA 2024”), the Personal Data Protection Commissioner (“Commissioner”) has published several public consultation papers for the development of supplementary guidelines to provide greater clarity and certainty on compliance with the new provisions introduced in the PDPA 2024. Our previous articles highlighting the key amendments introduced in the PDPA 2024 can be accessed
here
(Part 1),
here
(Part 2) and
here
(Part 3).
Published Guidelines
On 25 February 2025, the Commissioner issued the following guidelines:
The Implementation of Data Breach Notification Guideline, which sets out:
The scope and threshold of notification to the Commissioner and affected data subjects;
Timeframe for notification;
The manner and form of notifications;
Management of breached personal data; and
The obligations of data controllers, including record-keeping obligations.
The Appointment of Data Protection Officer (“DPO”) Guideline, which sets out:
The threshold for mandatory appointment of DPO;
Expertise, qualifications and residency requirement of DPO;
Key responsibilities of a DPO;
Notification of appointment of DPO; and
Obligations of data controller and data processor.
On 29 April 2025, the Commissioner issued the
Cross-Border Data Transfer Guideline
, which sets out:
New conditions for cross-border transfer under PDPA 2024;
The adoption of Binding Corporate Rules;
Applicability of Standard Contractual Clauses;
Certification mechanism; and
Record-keeping obligations.
Guidelines Pending Issuance by the Commissioner
The Commissioner closed the public consultation papers on 18 October 2024 for the Revised Personal Data Protection Standard 2015 (“PDP Standard”) 2024 and the development of the following guidelines:
The Right to Data Portability Guideline, which discusses the following:
Compliance requirement with data portability requests;
Types of personal data that are subject to portability;
Timeline for responding to data portability requests;
Limitation period for historical data portability;
Imposition of fees; and
Transmission methods for personal data.
Cross-Border Data Transfer Guideline, which discusses the following:
New conditions for cross-border transfer under PDPA 2024;
The adoption of Binding Corporate Rules;
Applicability of Standard Contractual Clauses;
Certification mechanism; and
Record-keeping obligations.
Ongoing Public Consultation Papers
On 20 March 2025, the Commissioner issued public consultation papers (closing on 19 May 2025) for the development of the following guidelines:
Data Protection Impact Assessments
– a proactive process to help organizations assess the risks and impacts related to the processing of personal data to ensure compliance with legal requirements.
Data Protection by Design and by Default
- provides guidance to organizations on integrating data protection at every stage of system and process design.
Automated Decision-Making & Profiling
- Provides guidance on the regulation of data processing involving automated decision-making and profiling to ensure the protection of individual rights.
With the PDPA 2024 and guidelines taking effect from 1 June 2025, organizations are strongly encouraged to review their current data handling practices and begin aligning them with the published guidelines and proposed guidelines to ensure timely compliance.
From The Newsletter
Newsflash Malaysia
Contact
Geetha Salva
+603 2276 5580
Send inquiry
How We Can Help
R
ö
dl & Partner in Malaysia
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
