Search for:

The Personal Data Protection Department is now actively enforcing the PDPA.

Companies in the hotel and education sector, as well as an employment agency have been fine up to RM 20,000 for breach of the PDPA.

Data users should therefore ensure that there is full compliance with all the requirements under the PDPA and its subsidiary legislation, including the Personal Data Protection Regulation and the Personal Data Protection Standards.

The details of the offence and penalty are set out below:

No Entity Offence Penalty
1. Hotel
Judgement date:20/9/2017
Section 16(4)
Processing personal data without certification of registration

Section 5(2)
Processing data subject’s personal data without consent


  • A total fine of RM 20,000 (RM 10.000 for each offence); or
  • 8 months imprisonment
2. Private Higher
Education Institution
Judgement date:
Section 16(4)
Processing personal data Without certificate of registration

  • A total fine of RM 10,000; or
  • 3 months imprisonment
3. Employment Agency
Judgement date:
Section 16(4)
Processing personal data without certificate of registration
A fine of RM 10,000
Imprisonment may be applicable to any director or officer of tile body corporate, unless such individual manages to prove:

  1. the offence was committed without his/her knowledge,consent or connivance,and
  2. he/she had taken all reasonable precautions and exercised due diligence to prevent the commission of the offence.