ARTICLE
14 March 2025

Overview On The Appointment Of Personal Data Protection Officer Under The Personal Data Protection Act 2010

AA
Azmi & Associates

Contributor

Azmi & Associates logo
We progressively strive to be a world-class corporate and commercial law firm, providing integrated, innovative and comprehensive solutions globally by synergising human capital, technology and best practices. Our team is diverse, multi-lingual, internationally trained with a modern outlook and proactive approach. We also take pride in being one of the select few law firms of Malaysia to have an active Chinadesk managed by Mandarin proficient lawyers. Two decades of experience within the legal industry, a wide-network base and a diverse workforce, enables us to provide seamless delivery of services to our clients around the globe.
Section 12A of the Personal Data Protection Act 20101 [Act 709] ("PDPA"), which will come into effect on 1 June 2025 requires data controller and data processor to appoint one or more data protection officers ("DPO")...
Malaysia Privacy

Introduction

Section 12A of the Personal Data Protection Act 20101 [Act 709] ("PDPA"), which will come into effect on 1 June 2025 requires data controller and data processor to appoint one or more data protection officers ("DPO") who shall be accountable to the data controller and the data processor for the compliance with the PDPA.

Pursuant to the above and Section 48(g) of the PDPA, the Personal Data Protection Commissioner ("Commissioner") has recently issued:

(a) Circular of Personal Data Protection Commissioner No. 1/2025 (Appointment of Data Protection Officer) ("Circular No. 1/2025"); and

(b) Personal Data Protection Guideline: Appointment of Data Protection Officer Version 1.0 ("DPO Guideline").

Circular No. 1/2025 (which will come into effect on 1 June 2025) and the DPO Guideline serves as a valuable reference to help data controller and data processor in adhering to their obligations in respect of the appointment of DPO.

Key Information under the Circular No. 1/2025 and the DPO Guideline

We highlight below some of the key information under the Circular No. 1/2025 and the DPO Guideline:

1597772a.jpg
1597772b.jpg

Conclusion

In conclusion, data controllers and data processors that have satisfied the conditions for the appointment of the DPO are required to appoint DPO and to comply with all the requirements in respect of such appointments as required under Circular No. 1/2025 and DPO Guideline. Further, it is important for such data controllers and data processors to be proactive in reviewing and updating their existing data protection policies, procedures and notices to reflect the above requirements and to strictly adhere to the same to ensure compliance with the PDPA.

Footnotes

1. Incorporated into the PDPA pursuant to the Personal Data Protection (Amendment) Act 2024.

2. Paragraph 4(1) of Circular No. 1/2025 and Paragraph 4.2 of DPO Guideline.

3. Paragraph 4.3 of DPO Guideline.

4. Paragraph 4(3) of Circular No. 1/2025 and Paragraph 6.3 of DPO Guideline.

5. Paragraph 4(3) of Circular No. 1/2025 and Paragraph 6.9 of DPO Guideline

6. Paragraph 4(6) of Circular No. 1/2025 and Paragraph 6.5 of DPO Guideline.

7. Paragraph 6.6 of DPO Guideline.

8. Paragraph 4(5) of Circular No. 1/2025 and Paragraph 5.5 of DPO Guideline.

9. Paragraph 4(4) of Circular No. 1/2025 and Paragraph 6.10 of DPO Guideline.

10. Paragraphs 8(1) and (2) of Circular No. 1/2025 and Paragraphs 7.1 and 7.2 of DPO Guideline.

11. Paragraph 8(3) of Circular No. 1/2025 and Paragraph 7.4 of DPO Guideline.

12. Paragraph 5(1) of Circular No. 1/2025 and Paragraphs 8 to 10 of DPO Guideline.

13. Paragraphs 6(1) to 6(9) of Circular No. 1/2025 and Paragraphs 11, 13 to 16 of DPO Guideline.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More