Malaysia: Department of Personal Data Protection released guideline on management of data protection officer training service providers

On 1 August 2025, the Department of Personal Data Protection released the guideline on the management of data protection officer (DPO) training service providers developed pursuant to Sections 48(b) and 48(k) of the Personal Data Protection Act (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024. The guideline establishes a prospective recognition and oversight framework for DPO training service providers to ensure alignment with statutory requirements and competency expectations. It applies to all providers offering courses or programmes for appointed DPOs and sets standards for training content, delivery, trainer qualifications, assessment mechanisms, and quality assurance. Recognised providers must demonstrate subject-matter expertise and the capability to deliver structured training in areas including legal and regulatory knowledge, operational and risk awareness, professional conduct, scope of responsibilities, and DPO independence. The Guideline outlines application and renewal procedures for formal recognition, including eligibility criteria, required documentation, assessment processes, and potential revocation mechanisms. It must be read together with Act 709, the Data Protection Officer (DPO) Competency Guideline, and the DPO Professional Development Pathway and Training Roadmap, and may be supplemented by circulars or instruments issued by the Commissioner to maintain regulatory alignment and enforce compliance.