Personal Data Protection Act 2010 (PDPA) Case Study in Malaysia

Background information on the Personal Data Protection Act 2010 (PDPA) in Malaysia, a case study related to the Act, suggestions to improve the PDPA, and an example of an organization’s personal data protection policy.

Personal Data Protection Act

The Personal Data Protection Act (PDPA) is a written government regulation that protects consumers’ sensitive documents. The Malaysian government created and regulates the Act to protect consumers’ personal information, such as users’ names, IDs, and phone numbers.

Personal Data Protection Act 2010 in Malaysia

The Malaysian Parliament passed the Personal Data Protection Act 2010 (PDPA), Act 709, in May 2010 (Personal Data Protection Act, n.d.). After Parliament passed the bill, it was sent for royal assent, which it received on 2 June 2010. The Malaysian government started implementing the Personal Data Protection Act 2010 on 15 November 2013 by notification in the government gazette. The prime objective of this act is to protect personal information in the context of commercial transactions.

The most general principle of this act is to prohibit people from using others’ data without consent. “Personal Data Protection Department (PDPD) is an agency under the Ministry of Communications and Multimedia Commission (MCMC).” The prime duty of the PDPD is to supervise the handling of individuals’ personal data in commercial transactions. The PDPD wants to ensure that no one misuses or misapplies another party’s data without taking concern. The maximum penalty for non-compliance is between RM100k and RM500k and/or between 1 and 3 years’ imprisonment (Shahwahid & Miskam, 2014). No amendment or modification has been noticed in the Personal Data Protection Act 2010.

The PDPA 2010 was needed to build consumer confidence in electronic commerce and business transactions. Before this act was passed, the number of credit card fraud cases in Malaysia was increasing. The theft involved selling personal data without customer consent. After the PDPA 2010 was passed, the number of fraud cases related to bank cards fell. Now people can provide their personal information to companies without hesitation. Therefore, both companies and their clients benefit from the PDPA 2010.

Personal Data Protection Act 2010 Case Study

With the popularity of social media platforms, cybersecurity has become a major concern, because weaknesses can lead to personal data breaches. In one case involving Facebook, in December 2019, the personal data of 267 million Facebook users was exposed in an online database. The data consisted of users’ names, user IDs, and phone numbers.

Although Facebook contacted the internet service provider to remove the data from the servers after discovering the leak, the data had already been posted on a hacker forum. Regarding the possible reason for this data breach, the security researcher of Facebook claimed that the data was most likely the result of hackers exploiting Facebook’s Application Program Interface (API). Thus, it is essential to enforce a personal data protection act in vulnerable cyberspace.

In addition, relating this act specifically to the Malaysian context, on 3 May 2017, Khas Cergas Sdn Bhd, the company that owns Victoria International College, was charged in the Sessions Court for processing the personal data of a former employee without a valid certificate of registration issued by the Personal Data Protection Department (PDPD). Specifically, this case involved a breach of section 16 (1) of the PDPA, which requires data users to be registered and to hold a certificate of registration issued by the PDPD. The company allegedly committed the offense at its premises on June 6, 2016. The charge was brought before the Sessions Court judge under section 16 (4) of the PDPA; on conviction, the company would be liable to a maximum fine of RM 500,000 or imprisonment up to three years, or both (Attorney General’s Chambers of Malaysia, 2016).

Why is PDPA Relevant to the New Media?

With the rapid development and progress of science and technology, the medium of information dissemination is constantly changing. The release of the Personal Data Protection Act (PDPA) in Malaysia impacted the new media environment. The following points explain why the PDPA is relevant to the new media environment.

Firstly, the Personal Data Protection Act (PDPA) gives people more control over their personal data. More and more people can easily get online due to the rapid development of the network. There is a variety of social media, such as Facebook, Twitter, WhatsApp, etc. Unfortunately, a lot of criminals take the opportunity to steal other people’s personal information and misuse it. There is no doubt that stealing personal information is a terrible thing. If everyone knew the benefits of the Personal Data Protection Act, people could use it to control their personal data. Thus, the Personal Data Protection Act is relevant to the new media environment.

Secondly, the Personal Data Protection Act (PDPA) deals with personal data related to commercial transactions. Since humans appeared, business activities have not stopped. The release of the Personal Data Protection Act (PDPA) in Malaysia has significantly reinforced personal data protection concerning commercial transactions. It imposed strict restrictions on those who collect and record data. There is no denying that this protects against the unauthorized use of personal information. Thus, the Personal Data Protection Act is relevant to the new media environment.

Last but not least, the Personal Data Protection Act (PDPA) lets a person reduce the number of unwanted telemarketing messages received. Has an advertising call harassed you? Due to the popularity of mobile phones and other mobile devices, more and more people feel that their personal information has been leaked. People want a safe network environment where all information is kept safe. Therefore, the Personal Data Protection Act (PDPA) is relevant to the new media environment.

Suggestions to Improve the PDPA 2010

Although the establishment of PDPA has provided great help for protecting personal information at the commercial level, some problems have still been exposed after a long period of practice.

Firstly, we must reduce the impact on the personal data life cycle management process. Collection, use, storage, and destruction should be minimized in every aspect.

Secondly, comprehensively consider the operating methods of different companies and find the best and generally applicable specific terms to minimize the changes in business processes made by the company to adapt to the terms.

Third, establishing a central database to achieve unified management of global information can facilitate the integration of information and simplify cross-border personal data transmission. For example, everyone uses ZOOM to conduct virtual courses during the MCO. After installing ZOOM, there will usually be a pop-up window at the bottom of the screen “Allow ZOOM to obtain your location permission.”  Usually, no one cares about this problem, but you expose your geographical location. The next step is to bind the account.

Usually, everyone binds their Google account by default so that ZOOM directly obtains our email address. Let us think back further: what personal information did you provide when you first registered your Google account? Name, date of birth, nationality, and region; these four items are the most basic personal privacy. Since we provide ZOOM with our Google mailbox, it cannot be ruled out that ZOOM has learned all of the personal information we gave when registering that mailbox. Imagine that strangers have completely wiped out the ID card and passport that you usually hide in the innermost layer of the wallet or the innermost drawer.

What should we do in this situation? We can only rely on legal protection. According to PDPA, “from a business perspective, the organization cannot use other people’s information without their permission.” When we registered with Google, it was equivalent to allowing Google to obtain and use our personal information. However, for ZOOM, we only allow it to bind our Google account (Google mailbox), which does not mean that we also agree to it obtaining our name, age, nationality, and region.


With the rapid development and wide application of information technology, human beings have gradually entered the era of new media. The protection of personal data is also critical. In the media field, the continuous changes in media technology have profoundly impacted the media.

The Survey Report on the Protection of the Rights and Interests of Chinese Netizens (2015) shows that in the past year, netizens have lost approximately RMB 80.5 billion, or RMB 124 per capita, due to personal information leakage, spam, and fraudulent information (The State Council Information Office of the People’s Republic of China, 2015). Personal data protection plays an important role in the media field. Personal data security even affects the security of collective interest, and the protection of corresponding laws and regulations is critical.

The world is suffering from data privacy leaks. Therefore, the perfect way of solving the problem is to implement the privacy policy act. Many countries and regions in the world have strict regulations on data privacy and security. The release of PDPA in Malaysia has significantly reinforced personal data protection concerning commercial transactions.

Personal Data Protection Policy Example

The following sample conveys a better understanding of what a Personal Data Protection policy looks like. It is the Personal Data Protection policy of a private university in Malaysia, Putra Business School.

Putra Business School Personal Data Protection Policy

Attorney General’s Chambers of Malaysia. (2016). Personal Data Protection Act 2010.

Personal Data Protection Act (n.d.). Retrieved from
