🇲🇾 Malaysia

PDPA MY

Personal Data Protection Act 2010

In short
Malaysia's PDPA requires consent for processing personal data in commercial transactions, with explicit consent for sensitive data. Recent amendments add breach notification and a data protection officer requirement.
Region

Malaysia

Status

In force since 2013, amended 2024

Group

Asia & Africa

Who must comply

Persons who process or control personal data in respect of commercial transactions in Malaysia.

Penalties

Fines up to RM 1 million and imprisonment for certain offenses, with higher amounts introduced by the 2024 amendments.

Key obligations

  • Obtain consent for processing in commercial transactions
  • Get explicit consent for sensitive personal data
  • Provide a written notice of purpose in English and Malay
  • Honor access and correction requests
  • Notify breaches and appoint a data protection officer under the amendments

How ConsentX helps

Consent capture for commercial processing

Explicit opt-in for sensitive categories

Bilingual notice support in the banner

Access and correction request workflow

Region rule engine tuned for Malaysia

Get PDPA MY ready with ConsentX

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with PDPA MY using ConsentX

  1. Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under PDPA MY.

  2. Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that PDPA MY requires, automatically.

  3. Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a PDPA MY audit.

  5. Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Does Malaysia's PDPA require consent?

Yes. Processing personal data in commercial transactions requires consent, and sensitive data requires explicit consent.

Did Malaysia update its PDPA?

Yes. The 2024 amendments add mandatory breach notification, a data protection officer requirement and higher penalties.

Countries under PDPA MY