Malaysia: Introduced Personal Data Protection (Amendment) Act 2024 including data protection regulation

On 10 July 2024, the Personal Data Protection (Amendment) Act 2024 was introduced into the House of Representatives in the Malaysian Parliament. The Amendment Act introduces the mandatory appointment of a data protection officer (DPO) for entities, the right to data portability for data subjects, contingent on technical feasibility, and the classification of biometric data as 'sensitive personal data'. Furthermore, the legislation increases penalties for breaches up to MYR 1'000'000 (ca. USD 200'000) and/or three years imprisonment and updates the terminology by replacing 'Data User' with 'Data Controller'. Additionally, personal data of deceased individuals will explicitly be excluded from the Act's scope.