Malaysia to see new personal data protection guidelines and standards under PDP and Futurise collaboration

PUTRAJAYA, Nov 18 — The Personal Data Protection (PDP) Commissioner and Futurise Sdn Bhd will release four guidelines and one standard by early 2025, while the remaining three guidelines will be released in the third quarter of 2025.

A joint statement issued by PDP and Futurise today said the guidelines to be released by early next year are the Data Protection Officer, Data Breach Notification, Cross-border Data Transfer and Data Portability, including the revised version of the Personal Data Protection Standard.

“These guidelines are set to provide clear, actionable frameworks for the private sectors to ensure compliance with evolving data protection regulations and international standards.

“It also addresses critical areas such as data handling, storage, access control, and breach management, empowering businesses and organisations to adopt best practices for safeguarding personal data,” it said.

The guidelines are aimed at strengthening data protection standards and as part of the regulatory sandbox deliverables.

By releasing these guidelines, PDP and Futurise are on track to complete guidelines and standards under Act 709 by the end of this year.

The statement said it was a significant step forward following the Memorandum of Understanding (MoU) signed between the two organisations in early 2024, which laid the groundwork for this joint effort to support Malaysia’s data protection and privacy landscape.

“The development of the guidelines is also in line with the recent amendment of the Personal Data Protection Act 2010 (Act 709), which was approved by Parliament in July 2024 and gazetted on Oct 17, 2024,” it said.

Meanwhile, Department of Data Protection (JPDP) director-general Prof Dr Mohd Nazri Kama, who is also the PDP Commissioner, said the collaboration with Futurise’s regulatory sandbox allows PDP to establish guidelines that are not only in compliance with international standards but also tailored to Malaysia’s unique regulatory environment.

“As Malaysia embraces its digital transformation, ensuring the privacy and security of personal data becomes paramount. We are confident that the guidelines will serve as a valuable resource for all stakeholders involved in the management of personal data,” Mohd Nazri said.

Futurise chief executive officer Rosihan Zain Baharudin said data protection is not only about compliance but also ensuring trust in the digital economy.

“Our regulatory sandbox reflects our commitment to creating a robust framework that is inclusive as it takes into account input from various stakeholders that will empower organisations to uphold the highest standards in data security,” he said. — Bernama