This 2-day PDPA training course enables delegates to understand the legal requirements of compliance that apply to key areas of their daily working lives. The program is tailor-made with a practical focus on answering the day-to-day questions which may arise in relation to the participant’s organization’s handling of personal data, with the trainer providing concrete examples.

As part of the proposed new changes to the PDPA, it is imperative for officers and individuals handling personal data in any organization to stay updated on evolving compliance frameworks and regulations. The course will incorporate the latest updates and proposed changes in the PDPA to ensure that participants are well-versed in the most current legal landscape.

Companies are strongly advised to establish and maintain a robust compliance framework, provide adequate training, and implement comprehensive PDPA policies. Non-compliance with the PDPA law can result in severe penalties accompanied by potential jail terms. This course will also include an in-depth review of the newly proposed PDPA amendments.

As you are aware, there were recent amendments made to the Malaysian Personal Data Protection Act 2010 (“PDPA”). Some of the PDPA amendments have already come into force on 1 January 2025. However, other amendments would take effect on 1 April 2025 and 1 June 2025 respectively as follows:

1 April 2025

• Replacement of the term “data user” with “data controller”
• Recognition of biometric data as a category of sensitive personal data
• Obligation of the data processors to comply with the Security Principle
• Increased penalties for non-compliance with the PDPA
• Principles to a maximum fine of RM1,000,000.00 and imprisonment of three (3) years
• Changes to transfer of data overseas

1 June 2025

• New obligation for both data controllers and data processors to appoint a data protection officer (DPO)
• New mandatory personal data breach notification regime for data controllers
• New right of data portability granted to data subjects