Personal Data Protection Act 2010 (PDPA) Case Study in Malaysia

This page covers the Personal Data Protection Act 2010 (PDPA) in Malaysia: background information, a case study related to the Act, suggestions to improve the PDPA 2010, and an example of an organization’s personal data protection policy.

Personal Data Protection Act

The Personal Data Protection Act (PDPA) is a written regulation created and enforced by the government to protect consumers’ sensitive information, such as users’ names, users’ IDs, and phone numbers.

Personal Data Protection Act 2010 in Malaysia

The Malaysian Parliament passed the Personal Data Protection Act 2010 (PDPA), Act 709, in May 2010 (Personal Data Protection Act, n.d.). After Parliament passed the bill, it was sent to the King for royal assent, which it received on 2 June 2010. The Malaysian government began implementing the Personal Data Protection Act 2010 on 15 November 2013 by way of notification in the government gazette. The prime objective of the Act is to protect personal information in the context of commercial transactions.

The most general principle of the Act is to prohibit people from using others’ personal data without consent. “Personal Data Protection Department (PDPD) is an agency under the Ministry of Communications and Multimedia Commission (MCMC)”. The prime duty of the PDPD is to supervise the handling of individuals’ personal data in commercial transactions. The PDPD wants to ensure that no one misuses or misapplies another party’s data without consent. The maximum penalty for non-compliance is between RM100k and RM500k and/or between 1 and 3 years’ imprisonment (Shahwahid & Miskam, 2014). No amendment or modification to the Personal Data Protection Act 2010 has been noted.

The PDPA 2010 was needed to build consumer confidence in electronic commerce and business transactions. Before the Act was passed, credit card fraud cases were increasing in Malaysia, and thieves were selling personal data without customer consent. After the PDPA 2010 was passed, the number of fraud cases related to bank cards fell. People can now give companies their personal information without hesitation. Therefore, both companies and their clients benefit from the PDPA 2010.
Figure 1: Personal Data Protection Act 2010 (PDPA) in Malaysia


Personal Data Protection Act 2010 Case Study

Due to the popularity of social media platforms, cybersecurity has become a major concern because of the risk of personal data breaches. In one case involving Facebook, in December 2019, the personal data of 267 million Facebook users was exposed in an online database. The data consisted of users’ names, users’ IDs, and phone numbers, and could be accessed by anyone through the database.

Although Facebook contacted the internet service provider to remove the data from the servers after discovering the leak, the database had been exposed online for two weeks, and the data had already been posted on a hacker forum. As for the possible cause of the breach, the security researcher of Facebook claimed that the data was most likely the result of hackers exploiting Facebook’s Application Program Interface (API). Thus, it is essential to enforce a personal data protection act in vulnerable cyberspace.

In addition, in the Malaysian context specifically, on 3 May 2017, Khas Cergas Sdn Bhd, the company that owns Victoria International College, was charged in the Sessions Court with processing the personal data of a former employee without a valid certificate of registration issued by the Personal Data Protection Department (PDPD). Specifically, the case concerned a breach of section 16(1) of the PDPA, which requires data users to be registered and issued a certificate of registration by the PDPD. The offense was allegedly committed by the company at its premises on June 6, 2016. The charge, heard by the Sessions Court judge, fell under section 16(4) of the PDPA, under which, on conviction, the company would be liable to a maximum fine of RM 500,000 or imprisonment of up to three years, or both (Attorney General’s Chambers of Malaysia, 2016).

Why PDPA is Relevant to the New Media?

With the rapid development and progress of science and technology, the medium of information dissemination is constantly changing. The release of the Personal Data Protection Act (PDPA) in Malaysia had an impact on the new media environment. The following are the author’s reasons why the PDPA is relevant to the new media environment today.

Firstly, the Personal Data Protection Act (PDPA) gives people more control over their personal data. More and more people can easily get online due to the rapid development of the network. There is a variety of social media, for example Facebook, Twitter, and WhatsApp, on which people steal others’ information in order to misuse it. Unfortunately, many criminals take the opportunity to steal other people’s personal information. There is no doubt that the theft of personal information is a terrible thing. If everyone knew the benefits of the Personal Data Protection Act, people could use it to control their personal data. Thus, the Personal Data Protection Act is relevant to the new media environment today.

Secondly, the Personal Data Protection Act (PDPA) deals with personal data related to commercial transactions. Business activity has never stopped since humans first appeared. The release of the Personal Data Protection Act (PDPA) in Malaysia has significantly reinforced the protection of personal data in relation to commercial transactions. It imposes strict restrictions on those who collect, record, and process personal data. There is no denying that this protects against the unauthorized use of personal information. Thus, the Personal Data Protection Act is relevant to the new media environment today.

Last but not least, the Personal Data Protection Act (PDPA) lets a person reduce the number of unwanted telemarketing messages received. Have you been harassed by an advertising call? Due to the popularity of mobile phones and other mobile devices, more and more people have their personal information leaked without realizing it. People want a safe network environment where all information is kept safe. Therefore, the Personal Data Protection Act (PDPA) is relevant to the new media environment today.

Suggestions to Improve the PDPA 2010

Although the establishment of PDPA has provided great help for the protection of personal information at the commercial level, after a long period of practice, some problems have still been exposed.

Firstly, we must reduce the impact on the personal data life cycle management process. Collection, use, storage, and destruction should be minimized in every aspect.

Secondly, comprehensively consider the operating methods of different companies and find the best and generally applicable specific terms to minimize the changes in business processes made by the company to adapt to the terms.

Thirdly, the establishment of a central database to achieve unified management of global information can not only facilitate the integration of information but also simplify the process of cross-border personal data transmission. For example, during the MCO, everyone used ZOOM to conduct virtual courses. After we install ZOOM, there is usually a pop-up window at the bottom of the screen: “Allow ZOOM to obtain your location permission”. Usually, no one cares about this, but in fact, your geographic location has been exposed. The next step is to bind the account.

Usually, everyone binds their Google account by default, so that ZOOM directly obtains our email address. Thinking back further, what personal information did you provide when you first registered your Google account? Name, date of birth, nationality, and region: these four items are the most basic personal privacy. Since we provide ZOOM with our Google mailbox, it cannot be ruled out that ZOOM’s company has learned all the personal information we gave when registering the Google mailbox. Imagine that the ID card and passport that you usually hide in the innermost layer of the wallet or in the innermost drawer have been completely exposed to strangers.

What should we do in this situation? We can only rely on legal protection. According to PDPA, “from a business perspective, the organization cannot use other people’s information without his or her permission.” When we registered with Google, it was equivalent to allowing Google to obtain and use our personal information. However, for ZOOM, we only allow it to bind our Google account (Google mailbox), which does not mean that we also agree to it obtaining our name, age, nationality, and region. This problem is exactly what needs to be resolved urgently.


With the rapid development and wide application of information technology, human beings have gradually entered the era of new media. The protection of personal data is also particularly important. In the media field, while the continuous changes in media technology have had a profound impact on the media, the privacy of personal data has been greatly challenged.

The Survey Report on the Protection of the Rights and Interests of Chinese Netizens (2015) shows that in the past year, netizens have lost approximately RMB 80.5 billion, or RMB 124 per capita, due to personal information leakage, spam, and fraudulent information (The State Council Information Office of the People’s Republic of China, 2015). Personal data protection plays an important role in the media field. Personal data security even affects the security of collective interests, and the protection of corresponding laws and regulations is very important.

The world is suffering from data privacy leaks.  Therefore, the perfect way of solving the problem is to implement the privacy policy act. Many countries as well as regions in the world have strict regulations on data privacy and security. The release of PDPA in Malaysia has significantly reinforced the protection of personal data in relation to commercial transactions.

Personal Data Protection Policy Example

The following sample gives a better understanding of a Personal Data Protection policy. It is the Personal Data Protection policy of a private university in Malaysia, Putra Business School.

Putra Business School Personal Data Protection Policy

Attorney General’s Chambers of Malaysia. (2016). Personal Data Protection Act 2010.

Personal Data Protection Act (n.d.). Retrieved from



Company Rules and Regulations: Sample of Rules and Regulations of Company

This page covers company rules and regulations for employees, business rules and regulations, how to write a company’s rules and regulations, and a sample of a private company’s rules and regulations.

Company Rules and Regulations

Company rules and regulations are a set of written policies made by the company’s higher authority that all employees and stakeholders are bound to follow. Rules and regulations help protect the organization from legal claims and maintain a positive work environment for the business.

Company Code of Conduct

The company code of conduct refers to a collection of rules outlining the norms and responsibilities of the company. An employee’s failure to obey the rules and regulations or the code of conduct can bring negative consequences.

Rules and Regulations Examples
Company Rules and Regulations For Employees

The following rules and regulations shall apply to all employees of the company. Some rules and regulations include:

Firstly, every employee must follow and obey the acts, guidance, policies, rules, and regulations imposed by the company authority and applicable from time to time.

Secondly, the company expects formal and acceptable behaviours from employees. The prime motive of the company is to attract customers through the outstanding conduct of the employees.

In addition, employees are liable for protecting the company’s belongings that they use for office purposes. They will be responsible for breaking any type of official equipment such as a computer, printer, scanner, camera, and so on. Employees can use official equipment only for official purposes.

Our company is very aware of the importance of maintaining records; therefore, every employee must take care to protect documents. The office will not accept any argument without proper evidence. Hence, employees should preserve official documents for future demand.

The company will not allow employees to work while under the influence of alcoholic beverages during work time. Also, no employee shall drive the company’s vehicles or operate any official equipment under the influence of alcohol. Our company does not encourage you to drink alcohol or prevent you from drinking alcohol; however, our company suggests that you do not drink alcohol when you are on duty.

Employees should have meals during break times. The Company will not allow extra time for having meals so employees are requested to utilize the break time wisely.


Our company is very alert to employees following ethical principles. The company will fire, without notice, employees who engage in corruption and bribery.

Our company prefers to create a friendly working environment. The company will fire employees who engage in sexual harassment. Therefore, every employee has to stay away from any type of verbal or physical harassment.

Employees must inform the supervisor or manager at least one hour prior to starting work if they may be absent or late on that day. The company strongly dislikes employees coming to the office late.

Every employee has to apply for a special vacation at least one month prior to the expected date of asking for a vacation.

Employees shall follow the dress code according to the directives of the company authorities. The company prefers to see employees in formal attire.

Our company pays attention to effective communication; therefore, every employee should focus on maintaining a productive communication process when communicating with clients, stakeholders, or colleagues.

The company pays attention to the employee’s honesty, punctuality, motivation, innovation, and integration when offering a promotion.

The company will provide an increment every year based on the employee’s personal performance.

Finally, if an employee does not meet the company’s expectations through their conduct and performance, the company can take corrective action against them.

Business Rules and Regulations
Fair competition

This company believes in protecting the principles of competition and economic freedom, and conducts company activities in line with those principles. Depending on the company strategies, it competes with other companies actively, autonomously, and fairly. The company’s collaborators are not authorized to establish formal or informal agreements with competitors. All the business units have to follow the guidelines provided by the company’s rules and regulations.


Our company is always keen to collaborate for mutual benefit. This company is determined to keep its promises to other collaborating companies as per the agreement.

Relationships with shareholders

Shareholders need all the relevant information available in order to guide them. Our company creates the conditions so that there is widespread and informed participation of shareholders in decisions within their remit. It promotes equality of information.

Environmental Protection

The company has always considered the environment to be a vitally important asset. So our company is committed to protecting the environment. The company is seeking a balance between economic initiatives and important ecological concerns to consider the rights of future generations.


The company safeguards the principle of confidentiality of any data, information, and details about its activities.

Protection of human resources

Human resources are vitally important for the existence and development of our company. Therefore, we respect human resources and make room for implementing their creativity. Our company always inspires the blooming inner knowledge of the employees and outsiders.

Corruption and extortion

Our company is committed to implementing the necessary measures to prevent and combat bribery and extortion. This company is very strong-minded to eradicate any type of corruption from both inbound and outbound perspectives.

Company Rules and Regulations Sample Download Link

Rules and Regulations of the Magic Touch Private Company

An Infographic Sample of the Rules and Regulations of The Company
