KUALA LUMPUR: Malaysian organisations and businesses may have to deal with far more than expected with the European Union’s (EU) General Data Protection Regulation (GDPR), said K Pathma, a data protection consultant.
Pathma said, even though the data protection rules were passed to protect personal data of the EU citizens and businesses per se, the nature of the regulation is extraterrestrial.
“Yes it applies to their people (EU), but it doesn’t matter whether their people are there (EU countries) or anywhere else in the world. This means that a Malaysian hotel here for example, needs to adhere to GDPR when receiving an EU citizen as their customer,“ he told Bernama.
Pathma who is also the director of GRM Training Sdn Bhd said, GDPR which came into force on May 25 last year, was similar to our Personal Data Protection Act (PDPA) 2010, but it carried a higher standard set of rules.
“The GDPR is actually an innovative data protection regulation. For example, PDPA has not gone into technology, but GDPR has gone into it. in addition under GDPR, countries like Holland and France have already stated that ‘cookies’ will form part of GDPR regulations, while in PDPA we have not reached there, we haven’t identified them yet,“ he said.
Pathma added that more important for local organisations and businesses to be aware of was,the penalty for a breach of personal data under GDPR which could go up to €20 million per breach as compared to RM500,000 or jail under PDPA.
Last October, Communications and Multimedia Minister Gobind Singh Deo was reported as saying that Malaysia would need to review its Personal Data Protection Act (PDPA) 2010 from time to time to ensure that it is aligned with new developments, such as the introduction in May, of the European Union’s (EU) GDPR.
He noted that the GDPR, a new framework for data protection laws, applied to any company offering goods or services to consumers in the EU or European Economic Area.
This, he said, included Malaysian companies with business links or dealings with European countries.
According to Pathma, best case to study was when the France’s data protection regulator, CNIL, issued Google a €50 million (around RM229.7 million) fine, for failing to comply with its GDPR obligations.
Thus, Pathma said his company with the cooperation of Iconic Training Solutions, would be organising the first GDPR Conference in the country next Monday with its keynote address scheduled to be delivered by Gobind Singh.
The two-day conference at Istana Hotel will feature experienced speakers such as Prof Dr Abu Bakar Munir, internationally renowned expert on ICT Law and Data Protection Law, Peggy Chow, an experienced Technology, Media and Telecommunications lawyer specialising in data protection and Tom Reynolds a partner in the International Corporate Department of Trowers and Hamlins LLP.
Pathma said apart from creating awareness on GDPR, the conference could serve as a platform to churn ideas in updating PDPA, to ensure better data protection among Malaysians in the future. — Bernama
