Personal Data Protection Act (PDPA) in Malaysia

The Personal Data Protection Act 2010 (‘PDPA’) is an Act that regulates the processing of personal data in regards to commercial transactions. It was gazetted in June 2010. OnPersonal Data Protection Act (PDPA) in Malaysia November 15, 2013, the Personal Data Protection Act 2010 (PDPA) came into force in Malaysia with the objective of protecting the personal data of individuals with respect to commercial transactions. This Act applies to any person who collects and processes personal data in regards to commercial transactions.

Personal data relates directly or indirectly to a data subject, who is identified or identifiable from that information in the possession of a data user, including any sensitive personal data and expression of opinion about the data subject. In the case where personal data processing is outsourced to a third party, known as the data processor, it is the responsibility of the data user to ensure that the data processor provides sufficient guarantee to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

In compliance with the Act, Crown Malaysia is required to manage the personal data and other information from clients. This Act affects the personal data life cycle management process from the point personal data is collected, used, stored and destroyed. A company's way of doing business will definitely be affected as business processes are required to be refined to comply with the PDPA requirements. Most importantly, a central repository may be required for consent management. 

We are committed to ensuring the confidentiality, protection, security and accuracy of Personal Data made available to us.

We retain the Personal Data and that of other individuals that client provides for a reasonable period in accordance with commercial requirements and at all times subject to prevailing legal requirements. We keep data in a secure manner. We also take all reasonable steps to ensure that such information is kept confidential. We will not sell, rent or trade any Personal Data. We endeavor where practicable, to implement the legally mandated and/or appropriate administrative and security safeguards and procedures in accordance with the applicable laws and regulations in order to prevent the unauthorized or unlawful processing of client’s Personal Data and the accidental loss or destruction or damage.

In addition, you will appreciate that the nature of our services are such that it may be necessary, where we consider it appropriate, for the purposes of data storage or processing or providing any service on our behalf to you, to transfer your Personal Data to our affiliates and / or associated companies and/or third party service or product providers within or outside the country in which we are established, under conditions of confidentiality and similar levels of safeguards.