Malaysia legislation
Section 6
Section 6
The principal Act is amended in Part II by inserting after section 12 the following division:
“Division 1a
Accountability of personal data
Appointment of data protection officer 12a. (1) A data controller shall appoint one or more data protection officers who shall be accountable to the data controller for the compliance with this Act.
(2)
Where the processing of personal data is carried out by a data processor on behalf of the data controller, the data processor shall appoint one or more data protection officers who shall be accountable to the data processor for the compliance with this Act.
(3)
The data controller shall notify the Commissioner on the appointment of data protection officer in the manner and form as determined by the Commissioner.
(4)
The appointment of data protection officer under subsections (1) and (2) shall not discharge the data controller or data processor from all duties and functions under this Act.
Data breach notification 12b. (1) Where a data controller has reason to believe that a personal data breach has occurred, the data controller shall, as soon as practicable, notify the Commissioner in the manner and form as determined by the Commissioner.
(2)
Where the personal data breach under subsection (1)
causes or likely to cause any significant harm to the data subject, the data controller shall notify the personal data breach to the data subject in the manner and form as determined by the Commissioner without unnecessary delay.
Personal Data Protection (Amendment)
(3)
A data controller who contravenes subsection (1)
commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred and fifty thousand ringgit or imprisonment for a term not exceeding two years or to both.”.
Amendment of section 16