PUTRAJAYA: The Notification of Data Breach Guidelines and the Data Protection Officers Guidelines are among the seven guidelines that will be developed under the Personal Data Protection Act 2010 (Act 709), says Digital Minister Gobind Singh Deo (pic).
He said the guidelines would be developed by the Personal Data Protection Department (JPDP) through the Personal Data Protection Commissioner (PDP) and a company under the Finance Ministry, namely Futurise Sdn Bhd.
“It is to set the minimum requirements and practical steps in managing and protecting personal data under the control of any individual or organisation that processes personal data in the country,” he said in his speech at the signing of a memorandum of understanding (MOU) between the department and Futurise here on Tuesday (Jan 16).
The MOU was signed by JPDP director-general Prof Dr Mohd Nazri Kama who was also PDP Commissioner and Futurise chief executive officer Rosihan Zain Baharudin, and witnessed by Gobind and Digital Ministry secretary-general Datuk Rodzi Md Saad.
The other five guidelines were Data Portability Guidelines; Cross Border Data Transfer Guidelines and Mechanism; Data Protection Impact Assessment Guidelines; Privacy by Design Guidelines; and Profiling and Automated Decision Making Guidelines.
Gobind said Futurise was seen as having the ability and skills to help the PDP Commissioner produce comprehensive standards and guidelines and improve the Personal Data Protection Standard that was developed in 2015.
In addition to the development of the guidelines, the two parties would also cooperate in the digitalisation process of the personal data protection portal that enabled all data users defined under Act 709 to carry out online transactions for the new registration process of data protection officers.
He added that the rapid economic development and the latest technological innovation caused a sudden increase in the processing of personal data in addition to creating a risk of personal data leakage that needed to be controlled.
Gobind said the appointment of a data protection officer and the existence of the personal data breach notification was one of the internationally accepted practices where the officer was responsible for ensuring that data users comply with personal data protection laws and performing internal audits.
“It is important that we create a robust framework to protect people’s personal data and this MoU is very important as an effort to support the country’s digitalisation initiative,” he said.
Gobind said Act 709, which had been under review since 2018, was expected to be tabled at the Dewan Rakyat sitting this year, with the draft amendment to the bill now being finalised by the Attorney-General’s Chambers.
“The amendments to Act 709 will focus on the needs of the present and that is why the seven guidelines will be developed,” he said.
Act 709 was an act to regulate the processing of personal data in commercial transactions and to provide for matters connected therewith and incidental thereto. – BK