Personal Data Protection Act 2024 (Amendment) Malaysia

Download Guide >>

As Data Security Experts, We Are Here to Help You Navigate
PDPA 2024 Compliance

The Personal Data Protection Act (PDPA 2024) introduces significant amendments to Malaysia’s data protection framework, aligning it more closely with international standards. These changes aim to enhance the protection of personal data and impose stricter obligations on organisations handling such data.

DOWNLOAD GUIDE

INTRODUCTORY GUIDE TO THE PERSONAL DATA PROTECTION ACT
(PDPA 2024)

With the Personal Data Protection Act (PDPA) 2024 amendments now in effect, data privacy is no longer just a legal requirement—it’s a strategic necessity.

 

This guide outlines the key changes in the PDPA 2024 update, what they mean for your organisation, and the steps you need to take to stay compliant. From breach notifications to data subject rights, it offers clear, actionable insights to help you manage your data protection responsibilities with confidence.

Request the FREE Guide

NEED HELP? BOOK A FREE DISCOVERY CALL NOW

WHO NEEDS TO COMPLY?

UNDERSTAND HOW YOU MIGHT BE EFFECTED

The PDPA 2024 applies to any person who processes, has control over, or authorises the processing of any personal data in respect of commercial transactions. This includes both data controllers (formerly known as data users) and data processors. Key sectors affected include:​

  • Data Controllers: Individuals or organisations that determine the purposes and means of processing personal data.
  • Data Processors: Individuals or organisations that process personal data on behalf of the data controller.
  • Businesses: Any entity that processes or has control over the processing of personal data in relation to commercial transactions and is established in Malaysia.

PDPA (AMENDMENT) 2024 IMPLEMENTATION TIMELINE

KEY DATES ON THE JOURNEY TOWARDS PDPA 2024 COMPLIANCE

The amendments will roll out in three phases, starting from 1 January 2025:

The amendments are effective from 1 January 2025 and include administrative changes such as electronic document service and revised powers for the Commissioner.

Direct obligations on data processors to comply with the security principle, changes to cross-border transfer rules, revised definitions of “sensitive personal data” and “personal data”, and increased penalties.

Data protection officer (DPO) appointment, mandatory data breach notifications, and data subject rights to data portability.

Get the PDPA 2024 Guide >>

MORE RESOURCES

BOOK A DISCOVERY CALL

HANDD has been supporting clients across key industries such as banking, manufacturing, oil & gas, healthcare, and telecommunications for almost 20 years.


We partner with organisations to navigate the complexities of cyber and data regulations – and the PDPA Act 2024 is no exception. Book a call with our experienced team of cyber-risk and data security specialists, and let us help you prepare for PDPA Act 2024 compliance in 2025.

Request: Free 30-Minutes Compliance Consultation

We will do our best to meet your preferred date and time. Should there be any changes, our team will contact you directly.

PDPA CONSULTANCY & SUPPORT

Request a Non-Obligation Discovery Call

 

Use the calendar to book a 30-minute discovery call with one of our experts. 

Alternatively, get in touch at info@handd.com.sg.

 

Preparing for PDPA 2024, but unsure where to start?

 

If you’re currently planning your organisation’s PDPA compliance strategy but feeling overwhelmed by the legal requirements, uncertain about what internal changes are necessary, or struggling to interpret the latest amendments — HANDD can help.

 

PDPA Compliance Consultancy Services

 

HANDD Business Solutions (HANDD) brings almost 20 years of experience in compliance consulting, working with organisations across banking, manufacturing, oil & gas, healthcare, and telecommunications. We offer tailored services to help businesses understand and implement the Personal Data Protection Act (PDPA) 2024 amendments – ensuring compliance while strengthening data security practices.

Your data is secure & will never be shared with any third party. Read our Privacy Policy for details.

Get the PDPA 2024 Guide >>

Watch our on demand webinar:
NIS 2 and the Countdown to DORA

Please fill out the below form to watch the on demand webinar:

In the latest of our series of Compliance and Regulation webinars, join HANDD’s Lead Solutions Architect, Sam Malkin, who provides practical advice on how to meet the NIS 2 requirements, manage risks, and prepare your organisation for these critical changes.

Sam also covers the upcoming DORA deadline in January 2025, discussing its impact and what financial and non-financial institutions need to know to comply.

Key takeaways:
• Practical steps for complying with NIS 2 and DORA
• How NIS 2 and DORA align and differ in scope
• How HANDD have helped others and what our customers are doing to ensure compliance

  • Data Controllers: Individuals or organizations that determine the purposes and means of processing personal data.
  • Investment firms
  • Crypto-asset service providers, issuers of crypto-assets and issuers of asset referenced tokens
  • Central securities depositories and central counterparties
  • Trading venues and trade repositories
  • Managers of alternative investment funds
  • Management companies
  • Data reporting service providers
  • Insurance and reinsurance undertakings, insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
  • Institutions for occupational retirement pensions
  • Credit rating agencies
  • Statutory auditors and audit firms
  • Administrators of critical benchmarks
  • Crowdfunding service providers
  • Securitisation repositories
  • ICT third-party service providers
NEED HELP? BOOK A FREE DISCOVERY CALL NOW
WhatsApp