In more detail
While the appointment of DPO is not currently required under the Malaysian Personal Data Protection Act 2010 (PDPA), there have been recent proposals to introduce the same as a mandatory obligation on data users.
Under the Public Consultation Paper No. 01/2020 issued by the PDPD in February 2020, one of the proposals is to add a new provision in the PDPA to require a data user to appoint a DPO, who will be responsible to oversee data protection strategy and implementation in an organisation for compliance with the PDPA. More recently in August 2022, the then Communications and Multimedia Minister also proposed amendments to the PDPA to include a requirement to appoint a DPO.
The Survey currently seeks detailed feedback on the following:
- The role, responsibilities and tasks of a DPO
- The knowledge, ability and skill sets of a DPO
- Whether the Malaysian government should issue guidelines regarding the career advancement of a DPO
- Whether the Malaysian government should collaborate with the Board of Technologists (MBOT) to confer a professional recognition for a DPO
The Survey form can be accessed here. The last day to respond to the Survey is 21 December 2022 (Wednesday). Amendments to the PDPA to include the appointment of a DPO are likely after completion of the Survey.
* * * * *
This client alert was issued by Wong & Partners, a member firm of Baker McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner or equivalent in such a law firm. Similarly, reference to an "office" means an office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.