In Malaysia, all commercial activities which involve handling, storing or processing personal data of any kind, in any way, must comply with the Personal Data Protection Act 2010 (Act 709) (“PDPA”).
One of the mandatory requirements under the PDPA for a data user is to have a written notice informing its data subjects, more commonly known as a Personal Data Protection Notice / Statement / Policy. If any establishment is found in contravention, it may be liable to a fine not exceeding RM300,000.00 or to imprisonment for a term not exceeding 2 years or to both. This is serious.
As such, this checklist helps you to draft the Notice / Statement / Policy, as it outlines all the requirements under the PDPA. With this checklist, you will be clear on what needs to be inserted in the PDPA Notice / Statement / Policy. This checklist can be used by any ordinary establishment, even without any legal training.
The drafting of the PDPA Notice / Statement / Policy is divided into 8 main sections, namely:
- Description of the Personal Data
- Data Retention
- National Language
Each section has an explanation of why it needs to be in the Notice / Statement / Policy, and also an example for you to adopt.
This document is also available in Bahasa Malaysia:
- Terma-terma penggunaan
- Pengkalan Data