Gobind: Personal Data Protection Act under review amid global changes

The Department of Personal Data Protection is conducting the review, but no time frame has been set


The government is reviewing the Personal Data Protection Act 2010 (PDPA) to keep pace with global changes and challenges in the connected world.

Communications and Multimedia Minister Gobind Singh Deo said the European Union’s (EU) General Data Protection Regulation (GDPR), implemented in May last year, had forced companies to undertake a comparable data protection level.

“Malaysia has the PDPA which was formulated in 2010. But after nine years, there are so many new developments and it is important for the existing law to be amended to ensure that we are up-to-date with the current developments,” he said at the EU-GDPR Conference 2019 in Kuala Lumpur (KL) yesterday.

The review is being conducted by the ministry’s Department of Personal Data Protection, but no time frame has been set so far.

“We have begun reviewing the PDPA since last year, but it is still ongoing — and I hope that we will be able to formulate a new one or bring a proposed amendment to the Parliament,” he said.

The GDPR is Europe’s new legislation for data protection laws, aimed at giving EU citizens greater control over their personal information, while simplifying the regulatory environment for businesses.

In his keynote speech, Gobind said the review will be premised on the need for effective and efficient implementation of the PDPA, as well as to streamline with the international requirements on personal data protection.

He said industries need to strengthen their compliance in personal data governance in line with the development of personal data protection laws around the world.

The situation requires companies to adhere to the personal data protection principles and regulations to ensure the sustainability of businesses.

He said customers also need to have confidence in these entities and how they manage their clients’ data.

Gobind said the PDPA establishes duties throughout the personal data operational system of an organisation for the personal data it holds or controls, including specific rules relating to the processing, retention, security and disclosure of personal data, as well as access and correction, respectively.

“The GDPR, however, imposes additional requirements which are not under the PDPA.

“Nevertheless, multinational companies and government-linked companies that have business dealings in the EU and with EU citizens are required to take the necessary steps to comply with the GDPR.

“As for industry players, especially data users who have made preparations with regard to the PDPA, they are therefore positioned to embrace the GDPR,” he said.

Meanwhile, the World Congress on Information Technology (WCIT) 2020, which will be held in Penang on Sept 13-16, 2020, aims to generate over RM10 billion in investments.

Gobind — who also delivered the keynote speech at the WCIT 2020 launch in KL yesterday — said this is achievable, given that the WCIT 2008 hosted by KL secured total sales and investments worth RM8.3 billion with over 20,000 jobs created.

He said platforms such as WCIT 2020 would increase awareness of Internet possibilities and other information and communication technology, and what these technologies can bring to societies and economies.

On the ministry’s goal to double the speed and halve the prices of broadband Internet in Malaysia, Gobind said it has to date reduced fixed broadband prices by at least 34%, following the Mandatory Standard on Access Pricing implementation.

Moreover, a multi-stakeholder task force involving over 60 entities has been formed to develop the relevant recommendations for 5G implementation in Malaysia.

The results from the 5G testbed trials that will take place in April-October 2019 will be included in the task force report due for release in the fourth quarter of this year.