In Malaysia, the Personal Data Protection Act affects every single commercial business. Privacy is now paramount on the government’s agenda, with offenders liable to RM500,000 fines and up to 3 years imprisonment.
We have developed our PDPA assessment materials and programs since 2012, and have jointly conducted workshops around the country with the national enforcer, the Personal Data Protection Department of Malaysia, to clarify the myths surrounding the PDPA and to ensure practical implementation for compliance with the PDPA. We offer 4 types of PDPA packages: Starter, Checklist, Assessment and Custom. Working with the Department, we ensure that compliance with this new act is both practical and beneficial to our clients, without hitting the bottom line too hard.
Call us at +603 6203 1888 or email avantedge@pkfmalaysia.com for more details or promotional pricing for the packages.
1) Starter Package
This is for customers who want to “do it themselves”, with the basic document templates required under the Personal Data Protection Act 2010 and the current subregulations. All that is required is to edit these templates. Implementation guidance comes only from the policies; the organisation has to implement the controls on its own, and the responsibility for providing evidence that the controls have been implemented rests entirely with the organisation. We will not verify or validate any of the controls, as this package operates at the documentary level only. It is a good starter package for immediately addressing the key PDPA issues from a documentation perspective. It includes any updates to the codes of practice that we receive from time to time from the PDP Department.
2) Checklist Package
This includes everything in Starter, as well as our Checklist, which has been developed and discussed with government agencies. The Checklist, which covers all 7 principles with easy-to-understand explanations, also maps to the current ISMS/PCI/COBIT standards for those more inclined towards technical audit. Using the Checklist as implementation guidance, we expect most of our customers to be able to address most of their PDPA concerns with this package. Again, we cannot verify or validate the implementation or take any responsibility for the results, but in this instance the roadmap for PDPA compliance is provided, and organisations can follow the Checklist. Offsite support is provided.
3) Assessment Package
This includes everything in Checklist, plus an onsite gap assessment, scope definition, implementation advisory, training and a follow-up assessment. This is for customers looking for a comprehensive solution that addresses all of the PDPA principles. Using this baseline, the organisation can go on to launch other compliance projects such as ISO 27001.
4) Custom Package
This is typically for organisations that want us to carry out the implementation, rather than only the assessment and advisory. This could mean placing resources onsite for the duration of the project, providing project management, or performing the technical implementation.
The 7 Principles of PDPA
1: General – Principle of consent and processing of sensitive data
2: Notice & Choice – Informing data subjects via written notice on specific matters regarding information collection
3: Disclosure – Purpose, rights of the data subject to access and correct data, as well as the classes of third parties to whom data may be disclosed.
4: Security – Security policies and steps to protect data in terms of confidentiality, integrity and availability
5: Retention – Storage of data as long as justifiable; data destruction policies
6: Data Integrity – Ensure data is accurate, complete, up to date and not misleading
7: Access – Access for the data subject to make corrections to their personal information.
Hi. We are a Software as a Service company and we wish to register under the PDPA. But we do not know which class of data user we should register under.
Can you please advise us which class of data user we fall under? Thank you.