On 1 August 2025, the Department of Personal Data Protection released the data protection officer (DPO) competency guideline, which provides a structured framework for assessing and developing the functional competencies required of DPOs under the Personal Data Protection Act 2010 (Act 709), as amended by the Personal Data Protection (Amendment) Act 2024. The guideline sets out six core competency areas, namely advisory and support, risk management and assessment, compliance oversight and monitoring, audit and reporting, communications and stakeholder engagement, and regulatory and data subject management, mapped against a knowledge, skills, and abilities (KSA) model. These competencies are organised into two tiers: fundamental, which outlines minimum expectations for all DPOs, and advanced, which applies to complex environments requiring leadership of organisation-wide data protection strategies. The guideline is designed to be used in conjunction with the appointment of data protection officer guideline, the DPO professional development pathway and training roadmap, and the DPO training service providers guideline, and aims to support DPOs in exercising their responsibilities with sufficient independence and access to senior management, ensuring integrated and accountable data protection operations across all organisational functions.