Download - BC's Comparative Table Data Privacy Laws
BCs Comparative Table of Data Privacy Laws in ASEAN
MalaysiaPhilippinesSingapore
Name of Primary LegislationPersonal Data Protection Act 2010Data Privacy Act 2012Personal Data Protection Act 2012
Name of Enforcement AgencyPersonal Data Protection DepartmentNational Privacy CommissionPersonal Data Protection Commission
Jurisdiction
Name and Type of PartiesData User persons established in Malaysia and persons who are not established in Malaysia but who use equipment in Malaysia for processing personal information.
Data Subject Person whose personal information is subject to Act
Personal Information Processor - any natural or juridical person qualified to act as such under this Act to whom a personal information controller may outsource the processing of personal data pertaining to a data subject.Personal Information Controller a person or organization who controls the collection, holding, processing or use of personal information, including a person or organization who instructs another person or organization to collect, hold, process, use, transfer or disclose personal information on his or her behalf. The term excludes:
(1) A person or organization who performs such functions as instructed by another person or organization; and
(2) An individual who collects, holds, processes or uses personal information in connection with the individuals personal, family or household affairs.
Data Subject
Definition of Information / Data Personal Data
Does not apply to personal data processed outside of Malaysia, unless that data will be further processed in Malaysia.Personal InformationPersonal Information
Separate category of Information / DataSensitive Personal DataPrivileged Information Sensitive Personal InformationN.A.
Definition of Processing and TransfersIncludes transfersExcludes transfers; transfer is not defined
Registration RequirementYes; all data users must register with the PDPDNo System of Mandatory RegistrationNo System of Mandatory Registration
Do-Not-Call RegimeN.A.N.A.Yes
Breach Notification
Data Protection Officer RequirementNoYesYes
Main Principles
Criminal Liability
Civil LiabilityYes, individuals have the right to bring a civil claim against a non-compliant data organisation.