top of page

How conversant are the CIO/CTO/CISO in organisations in Malaysia of the EU GDPR - one year on.

Countries in Asia notably China, India, South Korea, Vietnam and Thailand have todate introduced or enhanced existing cybersecurity regulations or data protection legislation. Regulators in Indonesia are in the process of amending/enhancing/introducing cybersecurity regulations. 

For our country, the government has announced on several occasions, plans to introduce new cybersecurity laws and amendment/enhancement to the existing Personal Data Protection Act (PDPA). The Minister overseeing the PDPA was quoted to have said he is drawing inspiration from the EU's GDPR in looking at amending/enhancing the PDPA.

Even though data breach scandals in Malaysia are still very much limited - not because hackers are not looking at Malaysian organisations but the lack of statistical data is mainly due to these breaches not being made publicly or reported, the main gist of the GDPR if the government is to modeled it after the GDPR, is cracking down on data breaches.

The recent high profile data breach at Facebook and nearer to home, the breaches in the healthcare sector in Singapore should reinforced and justify the government's intention to revise / amend the existing PDPA to model it after the GDPR.

In the light of this, CIOs, CTOs CISOs in large organisations in Malaysia should ask themselves the question - how well do they know the GDPR? We urge the CIOs, CTOs and CISOs not leave this responsibility solely and squarely on the shoulders of their Legal & Compliance Department (LCD) or its equivalent. The LCD or its equivalent provides the legal advice but the practical implementation and compliance by the organization towards the proposed revised/enhanced PDPA rests principally on the IT departments.

The 'hammer' will come down on you when and if the existing PDPA is really revised and incorporates the principal elements of the GDPR and the Commissioner of the PDPA acts on the complaints thereafter.

Mirror mirror on the wall - should we get ourselves ready for the anticipated revision / enhancement of the existing PDPA?

Yes... you should.


bottom of page