Malaysia’s GDPR conference informs non-EU companies to comply

Malaysia has conducted its first EU GDPR conference, which aimed to shed further light on the European Union’s (EU’s) General Data Protection Regulation (GDPR).

The main takeaway from this conference being organised in Malaysia, is that the regulation applies to all organisations that collect, store and process data belonging to any EU citizen.

Therefore the regulation applies to organisations that provide services to EU organisations, that monitors EU-based individuals, or targets EU-based individuals with goods and services.

Why has it been introduced?

The GDPR was approved by the EU Parliament in April 2016 and came into effect on 25 May 2018. It aims to provide people with more control over their personal data. It achieves this by focusing and altering the way in which businesses are acquiring, storing and managing people’s private information.

Companies that are found to have breached or violated any part of the legislative package after initial sanctions can be fined up to RM 95.35 million or 4% of a company’s worldwide turnover, whichever is greater.
Malaysia’s Minister of Communications and Multimedia, Mr. Gobind Singh had keynoted at this event which targeted decision makers ofdata privacy, security, protection & risk as well as regulatory compliance.

This includes legal advisors, counsel, IT managers and yes, even export and import managers.

Malaysia’s own personal privacy efforts

In his keynote speech, Gobind pointed out Malaysians’ fortune to have in place ‘comprehensive laws on personal data protection, namely the Personal Data Protection Act 2010 (PDPA).

“It establishes duties throughout the Personal Data operational system of an organisation for the Personal Data it holds or controls including specific rules relating to the processing, retention, security and disclosure of personal data as well as access and correction respectively,” he said.

He observed that the GDPR imposes additional requirements which are not covered by our PDPA and called for MNCs and GLCs with business dealings with EU to take the necessary steps to comply with it, nevertheless.

“The Ministry, through the Department of Personal Data Protection, is in the midst of reviewing the PDPA, and the review is premised on the needs for effective and efficient implementation of PDPA, as well as to streamline with international requirements of personal data protection,” Gobind concluded.

The two-day conference organised by Iconic Training, aimed to help organisation be compliant to the EU regulation, by developing policies and procedures, as well as educate about rights and obligations under the GDPR.