PETALING JAYA: Malaysia is looking to update its data protection laws by the middle of next year to prevent data breaches, says Communications and Multimedia Minister Gobind Singh Deo.

He said the update could be modelled after the European Union’s General Data Protection Regulation (GDPR), which took effect in May.

“Malaysia needs to be on par with global legislation on data protection because Malaysians are not exposed to just local retailers but also other parties seeking to use their data for a variety of purposes.

“We should find ways to stop a breach before it gets out of hand.

“The GDPR was brought to my attention and the ministry is looking at it.

“By the middle of next year, hopefully, we will put something to the Parliament,” he said.

Speaking at The Future of Digital Advertising In A Privacy-First World forum at Menara Star here yesterday, Gobind noted that organisations that breached the GDPR could be fined up to 4% of their annual global turnover or €20mil (RM95.31mil).

“That is a lot. But that is what you need to do to send clear signals that you are serious about it.

“We have to reinvent departments that work with these (regulations).

“It is not enough to have a small team of people to deal with enforcing the Personal Data Protection Act (PDPA) 2010,” he said.

The PDPA came into force in November 2013.

Gobind also said Malaysia was looking to work with other Asean countries to develop a framework on data protection as well.

Meanwhile, during the panel discussion, CIMB Group group chief marketing officer Mohamed Adam Wee said companies should not collect data that they do not need.

“In some cases, customers’ personal data are not really required.

“These companies will still be able to market their products or services to the targeted audience without having to know their names or contact numbers,” he said.

AirAsia Group Bhd Group legal counsel and compliance manager Kelvin Xiawei said more automation was needed in the system to better manage customers’ data.

“We collect personal data to better serve our customers.

“Some of the data collected are required for security purposes.

“We do share the data with the subsidiaries of our group but customers can opt out and we also ensure that their data will be safe,” he said.