Yuki Chong Mei Yoke (Partner)




ARC News   •   26 September, 2025

The PDPA Amendment Act 2024 has changed the game. Non-compliance is no longer just a regulatory slip – it can hit the company’s wallet, leadership, and even day-to-day operations. Here’s what that looks like in practice:

The maximum fine has jumped to RM1 million.

Example: A retail chain collects loyalty card data but fails to encrypt its database. Hackers steal thousands of customer details. The company could now face fines close to RM1 million.

Company officers and directors can be held personally liable.

Example: A finance company leaves old customer files “unshredded” in an accessible storeroom. Regulators consider this negligence. The compliance manager and responsible director could face prosecution – not just the company.

The Commissioner can issue enforcement notices to suspend processing immediately.

Example: A healthcare provider experiences a major system breach. Until it proves its systems are secure, the regulator orders it to stop processing patient data. Clinics relying on the system grind to a halt – appointments, billing, and prescriptions all delayed.

Fines and notices are serious, but the loss of trust can be worse.

Example: A telco suffers a breach but delays disclosure. When news finally leaks, headlines dominate social media. Customers complain, competitors run campaigns highlighting their stronger protections, and the telco’s brand suffers long-term erosion.


Key Takeaway

Non-compliance now has teeth. The risks extend beyond the legal realm into finances, leadership accountability, operational continuity, and brand reputation.

This article is Part 2 of our PDPA Amendment Act 2024 series. If you missed Part 1, where we explain the key changes corporates need to know, you can read it at PDPR: Part 1.

Next, in Part 3, we set out practical steps your organisation can take to strengthen compliance and turn obligations into opportunities. Don’t miss it: PDPR: Part 3.

Disclaimer: Every attempt to ensure the accuracy and reliability of the information provided in this publication has been made. This publication does not constitute legal advice and is not intended to be used as a substitute for specific legal advice or opinions. Please contact the authors for specific technical or legal advice on the information provided and related topics.