PUTRAJAYA, Jan 16 — The Notification of Data Breach Guidelines and the Data Protection Officers Guidelines are among the seven guidelines that will be developed under the Personal Data Protection Act 2010 (Act 709), said Digital Minister Gobind Singh Deo.
He said the guidelines would be developed by the Department of Personal Data Protection (JPDP) through the Personal Data Protection Commissioner (PDP) and a company under the Ministry of Finance, namely Futurise Sdn Bhd.
“It is to set the minimum requirements and practical steps in managing and protecting personal data under the control of any individual or organisation that processes personal data in the country,” he said in his speech at the signing of a memorandum of understanding (MoU) between the department and Futurise here today.
The MoU was signed by JPDP director-general Prof Mohd Nazri Kama who is also PDP commissioner and Futurise chief executive officer Rosihan Zain Baharudin, and witnessed by Gobind and Digital Ministry secretary-general Datuk Rodzi Md Saad.
The other five guidelines are Data Portability Guidelines; Cross Border Data Transfer Guidelines and Mechanism; Data Protection Impact Assessment Guidelines; Privacy by Design Guidelines; and Profiling and Automated Decision Making Guidelines.
Gobind said Futurise is seen as having the ability and skills to help the PDP commissioner produce comprehensive standards and guidelines and improve the Personal Data Protection Standard that was developed in 2015.
In addition to the development of the guidelines, the two parties will also cooperate in the digitalisation process of the personal data protection portal that enables all data users defined under Act 709 to carry out online transactions for the new registration process of data protection officers.
He added that the rapid economic development and the latest technological innovation caused a sudden increase in the processing of personal data in addition to creating a risk of personal data leakage that needed to be controlled.
Gobind said the appointment of a data protection officer and the existence of the personal data breach notification is one of the internationally accepted practices where the officer is responsible for ensuring that data users comply with personal data protection laws and performing internal audits.
“It is important that we create a robust framework to protect people’s personal data and this MoU is very important as an effort to support the country’s digitalisation initiative,” he said.
Gobind said Act 709, which has been under review since 2018, is expected to be tabled at the Dewan Rakyat sitting this year, with the draft amendment to the bill now being finalised by the Attorney General’s Chambers.
“The amendments to Act 709 will focus on the needs of the present and that is why the seven guidelines will be developed,” he said.
Act 709 is an act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto. — Bernama