Latest Guidelines on Personal Data Protection Notices under the Personal Data Protection Act 2010 (PDPA)
The Personal Data Protection Act 2010 (“PDPA”) is the main legislation which regulates the processing of personal data in the context of commercial transactions. Pursuant to section 7 of the PDPA (the Notice and Choice Principle), every data user must prepare a written statement which sets out the information as prescribed under the PDPA.
In this regard, the Personal Data Protection Department (Jabatan Perlindungan Data Peribadi or “JPDP”) recently issued the Guide to Prepare Personal Data Protection Notice (“Guidance Note”) to provide guidance to all data users on the preparation of simple but comprehensive personal data protection notices (also known as “privacy notices”), which are aligned with the current business ecosystem as well as the personal data protection landscape in Malaysia.
Pursuant to the issuance of the Guidance Note, this Update seeks to provide a brief summary of the requirements for the preparation of privacy notices, as well as the potential impact on data users vis-à-vis their compliance with the Notice and Choice Principle.
