On 31July 2024, the Personal Data Protection (Amendment) Act 2024 was adopted by the Malaysian Senate. The Amendment Act introduces the mandatory appointment of a data protection officer (DPO) for entities, the right to data portability for data subjects, contingent on technical feasibility, and the classification of biometric data as 'sensitive personal data'. Furthermore, the legislation increases penalties for breaches up to MYR 1'000'000 (ca. USD 200'000) and/or three years imprisonment and updates the terminology by replacing 'Data User' with 'Data Controller'. Additionally, personal data of deceased individuals will explicitly be excluded from the Act's scope.
Original source