Malaysia: Implemented Personal Data Protection Act 2010 (Act 709) including cross-border data transfer regulation

On 15 November 2013, the Malaysian Personal Data Protection Act 2010 (Act 709) entered into force. The Act regulates the processing of personal data in commercial transactions. According to Section 129, a data user shall not transfer any personal information of a data subject outside Malaysia. The Act also provides for certain exceptions for the transfer of data outside Malaysia, including if the data subject has given their consent to the transfer, the transfer is necessary for the performance of a contract, for the purpose of any legal proceedings, or on other reasonable grounds.