The Adequacy of Data Protection Laws in Protecting Personal Data in Malaysia

  • Nurkhairina Binti Noor Sureani Faculty of Law, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia
  • Atikah Shahira Binti Awis Qurni Faculty of Law, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia
  • Ayman Haziqah Binti Azman Faculty of Law, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia
  • Mohd Bahrin Bin Othman Faculty of Law, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia
  • Hariz Sufi Bin Zahari Faculty of Law, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia
Keywords: personal data, data protection, data privacy, Personal Data Protection Act 2010


With the burgeoning technology, Malaysia has seen a staggering number of data breaches and data leaks within this past decade alone, with no signs of the trend decreasing. This has raised questions on whether the Personal Data Protection Act 2010 (PDPA) adequately protects the personal data of Malaysians. With the recent COVID-19 pandemic, data has been collected on a larger scale than before, with more frequent data leaks occurring. Hence, this study aims to analyse the adequacy of the PDPA by benchmarking it to the United Kingdom’s (UK) Data Protection Act 2018, which have seen a decrease in data breaches since the implementation of the new legislation. In this context, personal data refers to information processed or recorded that relates directly or indirectly to a data subject, who may be identified from the information and may include sensitive personal data. The study uses a doctrinal analysis methodology to best explore the ideas and concepts within the literature available regarding the protection of personal data. The study also employs a comparative analysis methodology by comparing the scope and application of Malaysian and UK legislation for benchmarking. The findings suggest that there are improvements to be made for the PDPA to be adequate.


Download data is not yet available.


Abdul Ghani, F. et al. (2020). An Overview of the Personal Data Protection Act 2010 (PDPA): Problems and Solutions. Global Business and Management Research: An International Journal, 12(4), 559-564.

Abdul Rahim, F., Ismail, Z., & Samy, G. N. (2017). Healthcare Employee’s Perception on Information Privacy Concerns. (International Conference on Research and Innovation in Information Systems.

Aggarwal, S. (2020). What is Data Protection and Why is it Important? (Financial Express, 7 September 2020), accessed on 30 January 2021.

Alibeigi, A & Munir, A. B. (2020). Malaysian Personal Data Protection Act, a Mysterious Application. University of Bologna Law Review, 52, 363-372.

Ayub, Z. A, & Mohamed Yusoff, Z.M. (2018). Right of Online Informational Privacy of Children in Malaysia: A Statutory Perspective. UUM Journal of Legal Studies, 221- 241.

Azman, A. et al. (2021). Privacy in the Era of Big Data: Unlocking the Blue Oceans of Data Paradigm in Malaysia. Malaysian Journal of Social Sciences and Humanities, 6(5), 203-212.

Balasingam, U., & Siddique Bhatti, S. Q. (2017). Between Lex Lata and Lex Ferenda: An Evaluation of the Extent of the Right to Privacy in Malaysia. Malayan Law Journal xxix.

Basarudin, N. A. et al. (2017). Smart Home Users’ Information in Cloud System: A Comparison Between Malaysian Personal Data Protection Act 2010 and EU General Data Protection Regulation. Malaysian Construction Research Journal, 2(2), 216.

Bouchagiar, G, & Bottis, M. C. (2018). The Right to Be Forgotten: Memory Holes as the Default? Amsterdam Privacy Conference.

Calder, A. (2016). EU GDPR: A Pocket Guide. IT Governance Publishing 2nd edn.

Chapree, C. (2021). Personal Data of More Than 11 million Malaysian Facebook Users Leaked Online. (Lowyat Net, 4 April 2021) accessed 13 June 2021.

Haga, Y. (2017). Right to be Forgotten: A New Privacy Right in the Era of Internet. New Technology, Big Data, and the Law 97-126.

Halili,K., Abdelhameed, A., & Ismail, N. (2018). Modern Means of Collecting Evidence in Criminal Investigations: Implications on The Privacy of Accused Persons in Malaysia. International Journal of Asian Social Science, 332-345.

Halsbury, H. S. G. (2017). Halsbury’s Laws of Malaysia. Malayan Law Journal, 16.

Hashim, N. & Mohd Yunos, A. S. (2018). Right to Privacy and Malaysian Practice: A Step Further in Recognising Another Aspect Human Rights. 5th International Conference on Science and Social Research.

Information Commissioner’s Office. (2021). Guide to the General Data Protection Regulation (GDPR): What is Personal Data? accessed 10 January 2021.

Islam, M.T., & Karim, M. T. (2019). A Brief Historical Account of Global Data Privacy Regulations and the Lessons for Malaysia. Journal of History Department, University of Malaya, 28(2), 169-186.

Kandiah, S. (2020). The Privacy, Data Protection and Cybersecurity Law Review: Malaysia” in Alan Charles Raul (ed) The Privacy, Data Protection and Cybersecurity Law Review (Law Business Research Ltd 2020) at p 283.

Kedzior, M. (2021). The Right to Data Protection and the COVID-19 Pandemic: the European Approach. ERA Forum, 533–543.

Kwan, C. K. H. (2020). Data Privacy for Lawyers: An Introduction. Legal Network Series (A) cxxxi.

Lago, C. (2020). The Biggest Data Breaches in Southeast Asia. CSO Online, 18 January 2020 accessed 10 January 2021

Lee Ewe Poh v Dr Lim Teik Man & Anor [2010] 1 LNS 1162

Lew Cher Phow @ Lew Cha Paw & Ors v Pua Yong Yang & Anor [2009] 1 LNS 1256

Lilynn, S. (2017). Brief Comparison Between the Malaysian Personal Data Protection Act 2010 and Other Jurisdictions. Legal Network Series (A) xlvi.

Mohamed Yusof, N. A., Ahmad, N. A., & Mohamed, Z. (2016). A Study on Collection of Personal Data by Banking Industry in Malaysia. Journal of Advanced Research in Business and Management Studies, 2(1), 39-49.

Mohamed, D. (2016). The Privacy Right and Right to be Forgotten: the Malaysian Perspectives. Indian Journal of Science and Technology, 9(1), 1-7.

Mohd Taib, J., & Jamil, M. T. (2018). Internet Privacy Challenge for Facebook Users in Malaysia”, Proceedings: Global Multidisciplinary Research Conference, Kuala Lumpur, 23 April 2018 accessed 10 June 2021.

Niessen, C. et al. (2019). Time to Forget: Intentional Forgetting in the Digital World of Work. Arbeit, 64(1), 30.

Nurul Azma Saidi Abdullah, Md & Ab Rahman, Nurul & Chuah, Chai Wen & A Hamid, Rahmi, I. (2017). Face Recognition For Criminal Identification: An Implementation of Principal Component Analysis For Face Recognition, accessed on 4 June 2020, available at

San, T. P. (2020). The Impact of the Personal Data Protection Act 2010 on Data Analytics in the Retail Industry. The Malayan Law Journal lxii-lxxxiii.

Sidi Ahmed, S. M., & Sonny, Z. (2019). Data Protection Challenges in the Internet of Things Era: An Assessment of Protection Offered by PDPA 2010. International Journal of Law, Government and Communication, 4(17), 1-12.

Sivarasa Rasiah v Badan Peguam & Anor (2010) 2 MLJ 333

Song, C. W. et al. (2010). Shielding Individual Peace in Modern Times: Debunking the Efficacy of the PDPA (2010) In Protecting Data and Privacy Rights”, (University of Malaya Law Review, 19 April 2020) accessed 29 January 2021.

Soon, V. R. H., & Cooray, M. (2021). Surveillance Technology and Cultural Notions of Privacy: Development of the Laws in Malaysia. The Malayan Journal clxix.

Swinhoe, D. (2019). Does GDPR Compliance Reduce Breach Risk?. (CSO Online, 20 March 2019) accessed 10 January 2021.

Taylor, M. J, Wallace, S. E, & Prictor, M. (2018). United Kingdom: Transfers of Genomic Data to Third Countries. Human Genetics, 137(8), 637-645.

Villaronga, E. F., Kieseberg, P., & Li, T. (2018). Humans forget, machines remember: Artificial intelligence and the Right to Be Forgotten. Computer Law & Security Review, 34(2), 304-313.

Wahyuningtyas, Yuliana, S. (2019). The Right to be Forgotten: Bargaining the Freedom of Information for the Right to Privacy? in Khoo Ying Hooi and Deasy Simandjuntak (ed) Exploring the Nexus between Technologies and Human Rights: Opportunities and Challenges in Southeast Asia (Southeast Asia Programme (SHAPE-SEA) 2019) at pp 39-48.

Walters, R., Trakman, L., & Zeller, B. (2021). Data Protection Law: A Comparative Analysis of Asia-Pacific and European Approaches. e-book,
Yaakob, H. (2016). Facing Up to the Legal Challenges Arising from the Human Variome Project. The Malayan Law Journal lxxix.

Yap, M. Y. (2019. Nearly 45,000 University Malaya login IDs and passwords were leaked by an anonymous hacker. (Mashable SE Asia, 19 October 2019) accessed 30 January 2021.

Yoon, C. C. S. et al. (2019). An Evaluation of the Malaysian Personal Data Protection Act 2010 and the Singaporean Personal Data Protection Act 2012. Legal Network Series (A) lxxxv

Yunus, R. (2019). Almost 200% Increase in Data Breach Attacks since 2018. The Malaysian Reserve (17 October 2019) accessed 24 December 2020.

Zwitter, A., Gstrein, O. J. (2020). Big Data, Privacy and COVID-19 – Learning from Humanitarian Expertise in Data Protection. Journal of International Humanitarian Action, 5(4).
How to Cite
Noor Sureani, N., Awis Qurni, A. S., Azman, A. H., Othman, M. B. and Zahari, H. S. (2021) “The Adequacy of Data Protection Laws in Protecting Personal Data in Malaysia”, Malaysian Journal of Social Sciences and Humanities (MJSSH), 6(10), pp. 488 - 495. doi: 10.47405/mjssh.v6i10.1087.

Most read articles by the same author(s)