Digital Policy Alert logo

Malaysia: Personal Data Protection (Amendment) Act 2024 (Act A1727) including data protection regulation partially entered into force

Policy overview

Description

Personal Data Protection (Amendment) Act 2024 (Act A1727) including data protection regulation partially entered into force

On 1 April 2025, sections 2, 3, 4, 5, 8, 10, and 12 of the Personal Data Protection (Amendment) Act 2024 (Act A1727) entered into force, redefining terms by replacing "data user" with "data controller," classifying biometric data as sensitive personal data, imposing stricter penalties of up to MYR 1 million or three years' imprisonment for breaches, and excluding deceased individuals from the Act’s scope.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
central government

Complete timeline of this policy change

Hide details
2024-07-04
under deliberation

On 4 July 2024, the Cabinet of Malaysia announced proposed amendments to the Personal Data Protecti…

2024-07-10
under deliberation

On 10 July 2024, the Personal Data Protection (Amendment) Act 2024 was introduced into the House of…

2024-07-16
under deliberation

On 16 July 2024, the Personal Data Protection (Amendment) Act 2024 was passed by the Malaysian Hous…

2024-07-31
adopted

On 31July 2024, the Personal Data Protection (Amendment) Act 2024 was adopted by the Malaysian Sena…

2024-10-09
adopted

On 9 October 2024, the Personal Data Protection (Amendment) Bill was signed into law. The Act intr…

2025-01-01
in force

On 1 January 2025, sections 7, 11, 13, and 14 of the Personal Data Protection (Amendment) Act 2024 …

2025-04-01
in force

On 1 April 2025, sections 2, 3, 4, 5, 8, 10, and 12 of the Personal Data Protection (Amendment) Act…

2025-06-01
in force

On 1 June 2025, sections 6 and 9 of the Personal Data Protection (Amendment) Act 2024 (Act A1727) e…