Our associate Jane Tan contributed an article to Data Guidance’s “Data Protection Law & Policy” journal. She explores the effect of the new Personal Data (Compounding of Offences) Regulations 2016 which came into force on 15 March 2016.
Businesses which have yet to comply with the requirements of Malaysia’s personal data protection legislation are strongly advised to do so, as the implementation of the new compounding regulations could signal the start of enforcement proceedings. Penalties under the Personal Data Protection Act can go up to a fine of RM500,000 or imprisonment of up to 3 years, or both.
Whilst business organisations may welcome the enforcement of the Compounding Regulations as penalties may be reduced and prosecution may not be instituted, its coming into force indicates that the Commissioner may start enforcement against offenders. Whilst the [Personal Data Protection Act, or PDPA] has been in force in Malaysia since 2013, there has been no known prosecution instituted against a data user for a breach of the PDPA to date, but the Compounding Regulations may signal a change in times to come. This also means that business organisations should quickly comply with the Personal Data Protection Standards 2015 (‘the PDP Standards’), which came into force on 23 December 2015, given that an offence of the PDP Standards is also compoundable.
The PDP Standards set out many specific measures to be implemented by a data user in relation to security, retention and integrity of personal data and it would certainly require time and proper planning in order to comply with the PDP Standards.
You can read the full article at the Data Protection Law & Policy journal (May 2016 issue). The full article will be republished on our blog next month.