Personal Data Protection Act (PDPA) in Malaysia: HR Compliance and the Safety of Your Data

By administrator

A sense of anxiety is almost inseparable from our use of online tools, yet cybersecurity and the importance of data protection are often undervalued in Malaysia. Laws on data security and privacy are often overlooked across Southeast Asia, with plenty of room left for improvement. In Malaysia, we do have a law addressing these issues: the Personal Data Protection Act (PDPA). Read on to find out more about PDPA-compliant HR practices in Malaysia.

Why do you need to know about PDPA?

  1. Since the pandemic, more businesses have increased their reliance on technology and online platforms to run day-to-day operations within an organization.
  2. The PDPA prohibits companies from processing your personal data without your consent.
  3. The PDPA protects you from others misusing your data for unlawful activities.

Personal Data Protection Act (PDPA) in Malaysia Company

The Personal Data Protection Act 2019 (PDPA) will be fully effective on 1 June 2022, providing a comprehensive framework for the protection of personal data and privacy rights. As mentioned earlier, the act generally prohibits companies from processing employees’ personal data without consent, and that consent must be recorded in tangible form. However, there are also cases where implied consent is sufficient, provided the employee understands the purpose for which the data will be used.

The role of protecting data privacy falls heavily on the human resource (HR) department, as HR staff are usually the ones who handle employees’ personal data. A Malaysian company aligning itself with the PDPA needs to establish a few things:

  Personal data collection forms and a privacy notice.

  Internal company policies with standard operating procedures for personal data management.

  Officers or persons-in-charge responsible for ensuring compliance with the PDPA.

PDPA Compliance HR Practices

Upon hire, the company acquires employees’ personal data, including contact details, bank accounts, and personal identifiers. HR is usually tasked with collecting and maintaining these data for company use. At the same time, HR is expected to ensure that the company meets its obligation to implement policies and enforce related practices that keep it compliant with the PDPA.

Establish Internal Privacy Policies

The notice and choice principle of the PDPA requires companies to inform employees, in a written notice, that their personal data is being processed. A PDPA-compliant HR department provides employees with a privacy notice containing:

  A description of which data is being used

  The purpose of the data usage

  The right to request access to and correction of submitted data

  Disclosure of data to third parties, if any

  The choices and means available to limit data processing and disclosure

Employees should be notified of how their personal data will be used as soon as HR or the company requests it. An internal corporate privacy policy should be established to protect employees’ rights as set out in the PDPA.

Disclosure and Security Practices

The disclosure principle prohibits disclosing employees’ personal data without consent, or using it for any purpose other than the one they agreed to. Working hand-in-hand with it, the security principle obliges the company to take practical steps to protect employees’ personal data throughout its processing from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction.

Whenever employees’ data is processed by a third party, employees should be notified, and the same standard of protection should apply. The company’s HR department is expected to ensure that the third party abides by the technical and organizational security measures governing the processing, in compliance with the PDPA.

Data Management

Keeping a record of everything can be mundane; nevertheless, the HR department should practise data mapping. The data map should track the procedures and details of data collection, usage, transfers, and storage. This helps prevent data leaks and unlawful use of employees’ data.

In addition, the PDPA’s retention principle prohibits companies from retaining personal data for longer than is necessary for its original purpose. It is HR’s duty to ensure personal data is permanently removed once that period expires.

Integrity Practices

One PDPA-compliant HR practice is to make sure employees’ data is up to date, accurate, and complete. Some companies run regular checks to update employees’ data, while many rely on employees to update it voluntarily. Employees also have the right to access and correct their own data when it is outdated or incorrect. With the recent trend towards HR systems and mobile apps, requesting updates has become more convenient and hassle-free.

PDPA and HR Software

Despite the perks of using HR systems or software, there are concerns that they may put companies at higher risk of privacy breaches or data leaks. Here, the PDPA is seen as a key enabler in strengthening protection for users of HR software. As stated in Section 5(2) of the PDPA, non-compliance with any of the PDPA principles constitutes an offence, and the penalty includes fines and/or imprisonment. PDPA-compliant HR software is therefore necessary both to ease the workload of a company’s HR department and to ensure the safety of employees’ data.

Today, as technology is adopted to achieve higher levels of performance and efficiency, we as users should understand the pros and cons. Regardless, both data owners and data users should be protected against any risk and potential pitfall. The PDPA imposes strict requirements on personal data management, and compliance with it is likely to build employees’ confidence in companies using PDPA-compliant HR software.

GreatDay HR 

GreatDay HR is PDPA-compliant HR software to which you can entrust the security and safety of your data. With our built-in functions, we relieve the day-to-day workload of the human resource department. More importantly, we are fully compliant with the General Data Protection Regulation (GDPR) as well as the PDPA. Our system holds ISO 9001:2015 Quality Management and ISO 27001:2013 Information Security certifications, which guarantee that your data is 100% safe with us.
