Putting our journalistic skills to use, so you get to sound smart.


If you’ve been receiving emails and messages from all kinds of companies all of a sudden telling you how important the safety of your personal data is to them, you are not alone. They were all doing it in order to comply with the Personal Data Protection Act 2010 (PDPA).

What is PDPA?

Big data is big business these days. Companies that collect our personal information – phone numbers, email addresses, spending habits, CCTV footage, etc. – essentially have very valuable data on their hands. The PDPA is all about making sure these companies or institutions (known as “data users”) don’t misuse it, and take all appropriate measures to protect it.
So why are they only emailing us about it now? That’s because the act came into force on Nov 15 last year, and the deadline for companies to comply with its regulations was Feb 15.

What are our rights?

For starters, institutions must notify and obtain consent from consumers now before they collect, process or disclose any of our personal information to a third party. They must also justify why they’re doing it.
But most importantly, consumers now have the right under the PDPA to access, correct and WITHDRAW their personal data from an institution.
So if you don’t like how your data is being used by an institution (like if they send you annoying, irrelevant emails or SMS alerts), you can ask them to delete your information from their database.

The figure fact

25,000 – The number of institutions classified as “data users” in Malaysia

8,000-10,000 – The number of complaints received by authorities every month about personal data being distributed without permission

500,000 – The amount in ringgit that data users could potentially be fined for not complying with PDPA. There’s also a jail term of up to three years.

Tell us what you think!

Go top