Malaysia: Announced Amendment to the Personal Data Protection Act 2010 (Act 709) including data protection regulation

On 4 July 2024, the Cabinet of Malaysia announced proposed amendments to the Personal Data Protection Act 2010 (Act 709). The Amendment Act would introduce the mandatory appointment of a data protection officer (DPO) for entities, the right to data portability for data subjects, contingent on technical feasibility, and the classification of biometric data as 'sensitive personal data'. Furthermore, the legislation would increase penalties for breaches up to MYR 1'000'000 (ca. USD 200'000) and/or three years imprisonment and update the terminology by replacing 'Data User' with 'Data Controller'. Additionally, personal data of deceased individuals would be explicitly excluded from the Act's scope. The amendments were approved by the cabinet and the bill is expected to be tabled in the current parliamentary session.