Malaysia Personal Data Protection Act (PDPA)

Frequently asked questions about Malaysia PDPA

Frequently asked questions about Malaysia PDPA

  • What laws, regulations, and regulatory requirements on data protection or cybersecurity in Malaysia require special attention?

    Malaysia issued the Personal Data Protection Act (PDPA/Act709) on June 10, 2010 and came into force on November 15, 2013, providing a benchmark for the protection of personal data in Malaysia. PDPA has the highest legal effect and defines the basic principles and framework for the protection of personal data. Other regulations and standards must be formulated in accordance with PDPA.

    On 16 July 2024, the Personal Data Protection Act (Amendment) 2024 was passed after many years of review of the PDPA in Malaysia. The amendment makes significant changes to PDPA and aims to bring Malaysia's practices more in line with international data protection regimes.

    In addition, the Personal Data Protection Regulations 2013 issued also provide detailed operating regulations and requirements for specific matters of the PDPA to facilitate the implementation of the PDPA.

    HUAWEI CLOUD Compliance with Malaysia PDPA shares our experience and best practices in privacy protection and shows you how we can help you meet the PDPA requirements.

  • Where is my content data stored?

    Huawei Cloud has data centers in multiple regions around the world, including Asia, Europe, and the Americas. Data centers in each region are physically isolated. You can choose a region to deploy your services. For example, if you choose a regional site in Malaysia, your content data will be stored in the Malaysia-based data center. Huawei Cloud will not transfer your content data to other regions without your explicit consent, or unless other legal obligations are presented.


    If you need Huawei Cloud's assistance in the cross-border transfer of content data that contains personal data, contact and authorize Huawei Cloud. Huawei Cloud will transfer the data according to your authorization.

  • As a customer of Huawei Cloud, what is required of me under Malaysia's PDPA?

    Since you have full control over your content data, you should correctly identify all personal data on the cloud, use appropriate services, and develop security and personal data protection policies to ensure personal data security. In addition, you can use multiple privacy protection services provided by Huawei Cloud to strengthen personal data protection. For details, see section 2.3 in Huawei Cloud Compliance with Malaysia PDPA.

  • How can Huawei Cloud help me comply with Malaysia's PDPA?

    Huawei Cloud has conducted in-depth analysis of Malaysia's PDPA requirements to help you understand the different roles and responsibilities that you and Huawei Cloud have. In addition, Huawei Cloud provides a range of services that help you meet privacy protection requirements based on your service requirements. For details, see Huawei Cloud Compliance with Malaysia's PDPA.