PUTRAJAYA: Data users who have not complied with the Personal Data Protection Act 2010 by Feb 15 should brace for legal action.
For some 25,000 data users, compliance includes registering with their regulator, PDPA commissioner Abu Hassan Ismail said.
“Processing (collecting and using) personal data for commercial transactions without registering is a crime punishable by a fine of up to RM500,000 or three years’ jail, or both, so we urge those who have yet to register to do so immediately,” said Abu Hassan.
However, with only about two weeks left, sources said that many data users were adopting a wait-and-see attitude. As of Jan 1, only around 300 data users have registered.
While Abu Hassan is confident the number will increase as the deadline draws closer, he urged data users not to take the registration lightly. “There are no plans to extend the deadline,” he said.
He added: “Data users who do not register will lose the opportunity to participate in the data user forums that will draw up the code of practice for compliance in individual sectors.”
The PDPA which came into force on Nov 15, last year stipulates that registration is compulsory for entities involved in the processing of personal data for commercial transactions from 11 sectors - communications, banking and finance, tourism and hospitality, transportation, education, insurance, health, direct selling, real estate, utilities and services such as law, architecture and accounting.
These include entities like Tenaga Nasional, telcos, Air Asia, private colleges and private hospitals. The Government is exempted under the PDPA.
The sectors were chosen due to their risk factor, said Abu Hassan. The annual registration fee is RM100 for sole proprietors, RM200 for partnership businesses, RM300 for private companies and RM400 for public companies.
“Even if you don’t fall under the 11 categories, you still need to comply with the Act,” Abu Hassan said.
“If you are collecting and processing people’s personal data for commercial transactions, you need to prepare, revise or improve your company’s privacy policy, procedure, process and system in compliance with the PDPA,” Abu Hassan said.
“We hope the different data users can also raise awareness with their users and clients or data subjects,” he said.
Already a subscriber? Log in
Get 20% OFF The Star Digital Access
Cancel anytime. Ad-free. Unlimited access with perks.
