Malaysia: Personal Data Protection Department closes consultation on data protection by design guideline

On 19 May 2025, the Personal Data Protection Department closes its consultation on data protection by design guidelines to support compliance with Malaysia’s Personal Data Protection Act (Act 709). The guidelines promote a shift from reactive to proactive data protection by embedding privacy considerations into the design, development, and implementation of systems and processes. It proposes a working definition of privacy by design aligned with international standards, outlines seven foundational principles, and provides guidance on integrating privacy by design into each data protection principle. The principles include privacy by default, privacy embedded into design, full functionality, end-to-end security, visibility and transparency, and respect for user privacy. The consultation sought feedback on the proposals, including measures for safeguarding children’s privacy and whether further guidance or practical examples should be included.