** Note: This content only available in malay language version.

  1. Background

    The Personal Data Protection Act 2010 (Act 709) or PDPA, is a form of cyber law that is recognised in the implementation of Multimedia Super Corridor (MSC). This Act is the Tenth Policy objective stated in the Communication and Multimedia Act 1998 which is to ensure information security and trustworthiness and the integrity of network.

    Personal Date Protection Bill 2009 were distributed in September 200 to public and private agencies to obtain general comments and opinions and was approved by the Parliament on 5 April 2010 and conferred by Yang Dipertuan Agong on 16 June 2010.

    The main objective of this legislation is to regulate personal data processing in commercial transaction by data user and protecting general personal data interest.


    Seven Principles of Personal Data Protection

    First - To conform with the “General Principles” where date users are not allowed to process other individual’s personal data without consent. The process serves as data handling through automatic or computerisation process or method or any other processes.

    Second - To comply with “Notice and Choice Principle” where early notification and purpose are informed to the respective data owner.

    Third - To comply with “Disclosure Principle” which aims to disclose an individual’s personal data.

    Fourth - To comply with “Security Principle” which is whenever personal data of any individual is required to be processed, the data user need to take measures to ensure the safety, no alteration, no misuse of the data, or no to providing the date to irresponsible parties.

    Fifth - To comply with “Storage Principle” where each personal data shall not be allowed to be stored exceeding the permitted time limit.

    Sixth - To comply with “Data Integrity Principle” where each personal data needs to be assured of its accuracy, comprehensiveness, updated and unambiguous.

    Seventh - To comply with “Access Principle” where the owner of the data must be given access to their personal data held by data user for the purpose of updating the data from time to time.

    Therefore, Malaysian people need to understand their rights in accordance with the principles as stipulated in the Act. The general public can submit any complaint related to PDPA 2010 (Section 709) should they feel that an organisation or individual have infringed any of the seven (7) Principles of Personal Data Protection.

    The following are the recommended practices for complainants when the Act is enforced:


    1. Firstly, the complainant needs to submit a complaint and request for explanation to the relevant organization;
    2. Should the complainant remain unsatisfied with the explanation and the actions taken by the said organisation, thus, the complainant can complaint directly to the Personal Data Protection Department to facilitate investigation;
    • Should the complainant remain unsatisfied with the decision of the Commissioner in relations to the said matter, therefore, the complainant can submit an appeal to Appeals Tribunal by filing a notice of appeal.


    The required details when submitting a complaint: You need to write only a letter or e-mail to Personal Data Protection Department (This email address is being protected from spambots. You need JavaScript enabled to view it.) to justify your case. In your letter or email, you need to state the following matters: -


    1. Name of organisation or person that you are reporting;
    2. Explanation on your concerns;
    • To submit details of responses which you have received from the organisation suspected as the source of breaching the information;
    1. To provide any copies of letter or e-mails regarding your discussion with the said organisation or individual.




    1. Personal Data Protection Act 2010
    2. Personal Data Protection Standard 2015