The General Code of Practice of Personal Data Protection introduces new legal requirements to be complied with by data users caught within its ambit. It also seeks to provide best practice recommendations with respect to the implementation of principles under the Personal Data Protection Act 2010 and its subsidiary legislation.
Some of the new legal requirements include providing additional mandatory information in a personal data protection notice, complying with any data subjects’ written request not to process their personal data for direct marketing within reasonable time, maintaining a personal data system, and establishing a PDPA compliance framework.

The Malaysian Personal Data Protection Department has just published a questionnaire on Data Protection Officer (DPO) to gather market feedback on the role and qualification of a DPO in Malaysia . The deadline to respond to the Survey is 21 December 2022.

The interim chairman of Malaysian Communications and Multimedia Commission announced that MCMC is undertaking a review of the current online content regulation and framework. This was shared following recent publication of online content deemed to be harmful to national security and harmony. He also noted that countries in the region such as Indonesia, Singapore and Australia have introduced direct regulatory oversight on social media service providers, holding them to greater accountability and responsibility when managing harmful content.

Following a public consultation held in early 2020, certain amendments to the Malaysian Personal Data Protection Act 2010 will be tabled at the Malaysian Parliament for approval in October 2022. These proposals will introduce new obligations on both data users and data processors.

Following the public consultation held in late 2021 on proposed changes to the Malaysian Communications and Multimedia Content Code (“Content Code”), the Communications and Multimedia Content Forum of Malaysia has now issued the revamped version of the Content Code effective from 30 May 2022.

Earlier this year, the Malaysian Personal Data Protection Department released several documents to aid data users in their compliance with the Malaysian Personal Data Protection Act 2010 – these include a guide on privacy notices, new codes of practice applicable to the private healthcare industry and the water utilities industry, as well as circulars reminding prescribed classes of data users of their registration obligations.

Subsequent to our client alert issued in November 2021 in relation to cloud service regulation in Malaysia, the Malaysian Communications and Multimedia Commission has since shed light on the scope of the licensing regime and the availability of a grace period until 31 March 2022 to those affected to fully comply with the new licensing requirement.

The Communications and Multimedia Content Forum of Malaysia has issued a public consultation paper titled “Revamp of the Malaysian Communications and Multimedia Content Code”, proposing a number of changes to the prohibitions, restrictions and requirements on electronic content, particularly in relation to advertising, as well as broader implications for online service providers and online marketplace operators. The closing date for submission of feedback to the Content Forum is 10 December 2021.