Personal Data Protection Policy Drafting Checklist


A checklist for drafting your own Personal Data Protection Policy or to make sure that your existing policy has the necessary information in accordance to Malaysian Personal Data Protection Act 2010 (PDPA).

SKU: TK-002 Category: Tag:


In Malaysia all commercial activities which involve handling or storing or processing personal data of any kind, in any way, must comply with Personal Data Protection Act 2010 (Act 709) (“PDPA”). 

One of the mandatory requirements under the PDPA for a data user is to have written notice informing its data subjects or more commonly known as Personal Data Protection Notice / Statement / Policy. If any establishment were to be found in contravention, they may be liable to a fine not exceeding RM300,000.00 or to imprisonment for a term not exceeding 2 years or to both. This is serious. 

As such, this checklist help you to draft the Notice / Statement / Policy as it outlines all the requirements under the PDPA. With this checklist, you will be clear what needs to be inserted in the PDPA Notice/ Statement / Policy. This checklist can be used for any ordinary establishment even without any legal background training. 

The drafting of the PDPA Notice / Statement / Policy is divided into 8 main sections namely:

  1. Opening
  2. Terms of Use
  3. Description of the Personal Data
  4. Purpose
  5. Security
  6. Data Retention
  7. Consent
  8. National Language

Each sections will have explanation as to why this needs to be in the Notice/Statement/Policy and also example for you to adopt.

This document is also available in Bahasa Malaysia:

  1. Pembukaan
  2. Terma-terma penggunaan
  3. Perihalan
  4. Maksud
  5. Keselamatan
  6. Pengkalan Data
  7. Persetujuan

Additional information

File Format

PDF (.pdf)

Total Pages





There are no reviews yet.

Be the first to review “Personal Data Protection Policy Drafting Checklist”