🛡️

Section 7: Rights and Consumer Protection

Data Privacy and PDPA

Your personal data protection rights

What is PDPA?

PDPA (Personal Data Protection Act) protects your personal information. Companies must handle your data properly.

Your rights:

✅ Know what data is collected
✅ Access your data
✅ Correct wrong data
✅ Withdraw consent
✅ Request data deletion

What is personal data?

Name, IC number
Phone number, address
Email address
Bank account details
Photos, fingerprints

Company obligations:

Get your consent before collecting
Use data only for stated purpose
Keep data secure
Not share without permission

If your data misused:

Complain to company first
If unresolved, report to PDPA department
Can claim compensation

Important numbers:

PDPA Department: 03-8883 4000
Website: pdpa.gov.my

Overview

The Personal Data Protection Act 2010 (PDPA) regulates how organizations handle your personal information. Understanding your rights helps protect your privacy.

7 PDPA Principles

1. General Principle:

Consent required for data processing
Must have lawful purpose

2. Notice and Choice Principle:

Must inform you about data collection
Must explain purpose
Must give choice to opt-out

3. Disclosure Principle:

Cannot share data without consent
Exceptions for legal requirements

4. Security Principle:

Must keep data secure
Must prevent unauthorized access

5. Retention Principle:

Cannot keep data longer than necessary
Must delete when no longer needed

6. Data Integrity Principle:

Must keep data accurate
Must update when informed

7. Access Principle:

You can access your data
You can correct errors

Your Rights Under PDPA

Right to access: Request copy of your data
Right to correct: Fix inaccurate data
Right to withdraw consent: Stop data processing
Right to prevent processing: Object to certain uses
Right to data portability: Transfer data to another provider

Common PDPA Violations

Violation	Example
Selling data without consent	Telemarketing calls
Inadequate security	Data breaches
Keeping data too long	Old customer records
Not allowing access	Refusing data requests

How to Protect Your Data

Read privacy policies
Only share necessary information
Use strong passwords
Enable two-factor authentication
Be cautious with public Wi-Fi
Regularly review privacy settings

Making a PDPA Complaint

Contact organization: Request resolution
Escalate if needed: Data Protection Officer
File complaint: PDPA Department
Provide evidence: Documentation of violation

Penalties for Violations

Fines up to RM500,000
Imprisonment up to 3 years
Both fine and imprisonment

Important Contacts

PDPA Department: 03-8883 4000
Website: pdpa.gov.my
Email: aduan@pdpa.gov.my

Frequently Asked Questions

Can I request company to delete my data?

Yes, under retention principle. However, some data must be kept by law (e.g., financial records for 7 years).

Does PDPA apply to all organizations?

PDPA applies to commercial transactions. Government agencies and personal/household data exempted.

How long does company have to respond to data request?

21 days from request. Can be extended with notice.

Can I claim compensation for PDPA violation?

Yes, you can sue for damages resulting from PDPA violations. File complaint with PDPA Department first.

Last updated: March 2026

Disclaimer: This guide provides general information only. Always verify with official sources for the most current information.