Malaysia: Opened consultation on PDPD personal data protection standards

On 1 October 2024, the Personal Data Protection Department (PDPD) opened a public consultation on personal data protection standards (Paper no. 04/2024) in relation to amendments to the Personal Data Protection Act until 18 October 2024. In particular, the consultation focuses on changes, including transitioning to outcome-based standards that provide more flexibility for data controllers and processors to implement measures according to their risk levels instead of adhering to rigid, prescriptive rules. The proposed updates to the security standards aim to cover both electronic and physical data processing, introducing clearer guidelines on access control, data management, and third-party risk management. Furthermore, the standards include additional measures for data retention and disposal. In addition, the updated data integrity standards aim to improve data validation, quality monitoring, and data lifecycle management to ensure that personal data remains accurate, complete, and up-to-date. Finally, the consultation also introduces the possibility of voluntary certification schemes, such as ISO 27001, which organisations can use to demonstrate compliance with the PDPA and reduce potential liabilities.