Malaysia: Adopted General Code of Practice of Personal Data Protection establishing new legal requirements for data processors

On 15 December 2022, the Malaysian Personal Data Protection Commissioner adopted the General Code of Practice (CoP) of Personal Data Protection, which established new legal requirements for data processors under the Personal Data Protection Act 2010 (PDPA). The new requirements include notifying data subjects on whether any sensitive data will be processed and measures taken to ensure its safety, the need for a data processor to establish a system for data records, develop a compliance framework with the CoP and PDPA, and allow data subjects deny the use of personal data for direct marketing. Violation of the CoP could result in a fine of up to MYR 100'000 or a jail term not exceeding one year.