Update on PDP with Futurise strengthen personal data protection

18 November 2024

PUTRAJAYA: The Personal Data Protection (PDP) Commissioner, in collaboration with Futurise Sdn. Bhd., is pleased to provide an update on the ongoing development of the Personal Data Protection and Privacy Regulatory Sandbox. This initiative aims to enhance data protection standards and guidelines in Malaysia.

As part of the regulatory sandbox deliverables, the PDP Commissioner and Futurise will unveil four guidelines and one standard by early 2025, with an additional three guidelines scheduled for release in the third quarter of 2025.

This significant advancement follows the signing of a Memorandum of Understanding (MoU) between the two organizations in early 2024, which established the foundation for their collaborative efforts to improve Malaysia's data protection and privacy framework.

The development of these guidelines aligns with the recent amendment of the Personal Data Protection Act 2010 [Act 709], which received parliamentary approval in July 2024 and was officially gazetted on October 17, 2024.

Public consultation for the first five guidelines commenced in August 2024 and concluded recently, gathering over seven hundred pieces of feedback for further consideration.

The upcoming guidelines, expected to be released early next year, will cover the following topics: Data Protection Officer, Data Breach Notification, Cross-Border Data Transfer, Data Portability, and a revised version of the Personal Data Protection Standard.

These guidelines are set to provide clear, actionable frameworks for the private sectors to ensure compliance with evolving data protection regulations and international standards.

In addition, it will also address critical areas such as data handling, storage, access control, and breach management, empowering businesses and organisations to adopt best practices for safeguarding personal data.

PDP Commissioner, Prof. Dr. Mohd Nazri Kama stated, "As Malaysia embraces its digital transformation, ensuring the privacy and security of personal data becomes paramount.

"The collaboration with Futurise's regulatory sandbox allows us to establish guidelines that comply with international standards and are tailored to Malaysia's unique regulatory environment. We are confident that the guidelines will serve as a valuable resource for all stakeholders involved in managing personal data."

"Data protection is not only about compliance; it's about ensuring trust in the digital economy. Our regulatory sandbox reflects our commitment to creating a robust framework that is inclusive as it takes into account input from various stakeholders that will empower organisations to uphold the highest standards in data security," said Rosihan Zain Baharudin, Chief Executive Officer (CEO) of Futurise.

Therefore, the release of these guidelines will mark a major milestone in enhancing Malaysia's data privacy frameworks, further aligning with the nation's broader digitalization efforts. Futurise and PDP remain committed to fostering a secure digital environment as the country continues its digital journey.

The PDP Commissioner is a statutory body that was incorporated on 15 November 2013 [Act 709]. Among the functions of the PDP Commissioner provided under Act 709 are to regulate the processing of personal data in commercial transactions, advising the Minister on the national policy for personal data protection and represent Malaysia through participation in international events.