/akn/my/act/pua/2013/335

PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013

Type: P.U. (A)
Status: In force
Enacted: 2013
Sections: 15

Quick answer

About this p.u. (a)

PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 is Malaysia P.U. (A), cited as P.U. (A) 335 2013, currently marked in force and first recorded in 2013.

Opening note

Preamble

  1. IN exercise of the powers conferred by section 143 of the Personal Data Protection Act 2010 [Act 709], the Minister makes the following regulations:

PART I

Section 2

In these Regulations, unless the context otherwise requires—

“inspection officer” means an officer employed by the Commissioner under section 51 of the Act for the purposes of carrying out an inspection under section 101 of the Act;

“standard” means a minimum requirement issued by the Commissioner, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.

P.U. (A) 335 5

PART II

PERSONAL DATA PROTECTION PRINCIPLES

General Principle

Consent of data subject

Section 3

(1) A data user shall obtain consent from a data subject in relation to the processing of personal data in any form in which that consent can be recorded and maintained properly by the data user.

(2) If the form in which the consent in subregulation (1) is given also concerns another matter, the requirement to obtain consent shall be presented so that it is distinguishable in its appearance from that other matter.

(3) A data user shall obtain the consent referred to in subregulation (1) from the parent, guardian or a person who has parental responsibility for the data subject, if the data subject is under the age of eighteen years.

(4) A data user shall obtain the consent referred to in subregulation (1) from a person appointed by a court to manage the affairs of the data subject, or a person authorized in writing by the data subject to act on his behalf, if the data subject is incapable of managing his own affairs.

(5) The burden of proof for the consent referred to in subregulation (1) shall lie on the data user.

Notice and Choice Principle

Details of data user

Section 4

For the purposes of paragraph 7(1)(d) of the Act, the data user shall at least provide the data subject with the following details:

(e) such other related information.

Disclosure Principle

List of disclosure

Section 5

The data user shall keep and maintain a list of disclosures to third parties for the purposes of paragraph 8(b) of the Act in relation to personal data of the data subject that has been or is being processed by him.

Security Principle

Section 6

Security policy

(1) The data user shall develop and implement a security policy for the purposes of section 9 of the Act.

(2) The data user shall ensure that the security policy referred to in subparagraph (1) complies with the security standard set out from time to time by the Commissioner.

(3) The data user shall ensure that the security standard in the processing of personal data is complied with by any data processor that carries out the processing of personal data on behalf of the data user.

Retention Principle

Retention standard

Section 7

For the purposes of section 10 of the Act, the personal data of a data subject shall be retained in accordance with the retention standard set out from time to time by the Commissioner.

Data Integrity Principle

Section 8

Data integrity standard

For the purposes of section 11 of the Act, the data user shall process personal data in accordance with the data integrity standard set out from time to time by the Commissioner.

Access Principle

Section 9

Data access request

(1) Where a data subject does not require a copy of the personal data, the data subject shall inform the data user in writing of his intention when making a data access request for his personal data.

(2) Upon receiving a data access request from a data subject pursuant to subsection 30(2) of the Act, the data user shall acknowledge the receipt of the request.

Refusal of data access request

Section 10

For the purposes of paragraphs 32(1)(a) and (b) of the Act, “such information as he may reasonably require” means name, identification card number, address and such other related information as the Commissioner may determine.

Section 11

Receipt of data correction request

Upon receiving a data correction request pursuant to subsection 34(1) of the Act, the data user shall acknowledge the receipt of the request.

Section 12

Penalty

and 8 commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred and fifty thousand ringgit or imprisonment for a term not exceeding two years or to both.

PART III

Section 13

The Commissioner may notify the data user in writing of his intention to carry out an inspection under section 101 of the Act.

Section 14

Personal data system to be open for inspection

(1) The personal data system shall at all reasonable times be open to inspection by the Commissioner or any inspection officer.

(2) For the purposes of an inspection under section 101 of the Act, the Commissioner or an inspection officer may require the production before him—

(a) in relation to the general principle, the record of consent from data subjects maintained in respect of the processing of personal data by the data user;

(b) in relation to the notice and choice principle, the record of written notices issued by the data user to data subjects in accordance with section 7 of the Act;

(c) in relation to the disclosure principle, the list of disclosures to third parties for the purposes of paragraph 8(b) of the Act in respect of personal data that has been or is being processed by him;

(d) in relation to the security principle, the security policy developed and implemented by the data user for the purposes of section 9 of the Act;

(e) in relation to the retention principle, the record of compliance in accordance with the retention standard;

(f) in relation to the data integrity principle, the record of compliance in accordance with the data integrity standard; or

(g) such other related information as the Commissioner or the inspection officer deems necessary.

PART IV

ENFORCEMENT NOTICE

Application for variation or cancellation of enforcement notice

Section 15

An application for variation or cancellation of an enforcement notice by the relevant data user to the Commissioner under section 109 of the Act shall be made in writing.

Made 24 October 2013

[KPKK/PUU 800-8/15; PN(PU2)712]

DATO’ SRI AHMAD SHABERY CHEEK

Minister of Communications and Multimedia

PERSONAL DATA PROTECTION ACT 2010

PERSONAL DATA PROTECTION REGULATIONS 2013

____________________________

Opening note

Preamble

  1. IN exercise of the powers conferred by section 143 of the Personal Data Protection Act 2010 [Act 709], the Minister makes the following regulations:

PART I

(1) These regulations may be cited as the Personal Data Protection Regulations 2013.

(2) These Regulations come into operation on 15 November 2013.

Interpretation 2.

In these Regulations, unless the context otherwise requires—

“inspection officer” means an officer employed by the Commissioner under section 51 of the Act for the purposes of carrying out an inspection under section 101 of the Act;

“standard” means a minimum requirement issued by the Commissioner, that provides, for common and repeated use, rules, guidelines or characteristics for activities or their results, aimed at the achievement of the optimum degree of order in a given context.

PART II

PERSONAL DATA PROTECTION PRINCIPLES

General Principle

Consent of data subject 3.

(1) A data user shall obtain consent from a data subject in relation to the processing of personal data in any form that such consent can be recorded and maintained properly by the data user.

(2) If the form in which such consent in subregulation (1) is to be given also concerns another matter, the requirement to obtain consent shall be presented distinguishable in its appearance from such other matter.

(3) A data user shall obtain consent referred to in subregulation (1) from the parent, guardian or person who has parental responsibility on the data subject, if the data subject is under the age of eighteen years.

(4) A data user shall obtain the consent referred to in subregulation (1) from a person who is appointed by a court to manage the affairs of the data subject or a person authorized in writing by the data subject to act on his behalf if the data subject is incapable of managing his own affairs.

(5) The burden of proof for such consent referred to in subregulation (1) shall lie on the data user.

Notice and Choice Principle

Details of data user 4.

For the purposes of paragraph 7(1)(d) of the Act, the data user shall at least provide the data subject the details as follows:

(a) designation of the contact person;

(e) such other related information.

Disclosure Principle

List of disclosure 5.

The data user shall keep and maintain a list of disclosure to third parties for the purposes of paragraph 8(b) of the Act in relation to personal data of the data subject that has been or is being processed by him.

Security Principle

Security policy 6.

(1) The data user shall develop and implement a security policy for the purposes of section 9 of the Act.

(2) The data user shall ensure the security policy referred to in subregulation (1) complies with the security standard set out from time to time by the Commissioner.

(3) The data user shall ensure that the security standard in the processing of personal data be complied with by any data processor that carries out the processing of the personal data on behalf of the data user.

Retention Principle

Retention standard 7.

For the purposes of section 10 of the Act, the personal data of a data subject shall be retained in accordance with the retention standard set out from time to time by the Commissioner.

Data Integrity Principle

Data integrity standard 8.

For the purposes of section 11 of this Act, the data user shall process the personal data in accordance with the data integrity standard set out from time to time by the Commissioner.

Access Principle

Data access request 9.

(1) Where a data subject does not require a copy of the personal data, he shall inform the data user in writing of his intention upon making a data access request of his personal data.

(2) Upon receiving the data access request pursuant to subsection 30(2) of the Act, the data user shall acknowledge the receipt of such request.

Refusal of data access request 10.

For the purposes of paragraphs 32(1)(a) and (b) of the Act, “such information as he may reasonably require” means name, identification card number, address and such other related information as the Commissioner may determine.

Receipt of data correction request 11.

Upon receiving the data correction request pursuant to subsection 34(1) of the Act, the data user shall acknowledge the receipt of such request.

Penalty 12.

Any data user who contravenes subregulation 3(1), regulations 6, 7 and 8 commits an offence and shall, on conviction, be liable to a fine not exceeding two hundred and fifty thousand ringgit or imprisonment for a term not exceeding two years or to both.

PART III

INSPECTION

Notice of inspection 13.

The Commissioner may notify the data user in writing of his intention to carry out an inspection under section 101 of the Act.

Personal data system to be open for inspection 14.

(1) The personal data system shall at all reasonable times be open to the inspection of the Commissioner or any inspection officer.

(2) For the purposes of inspection under section 101 of the Act, the Commissioner or the inspection officer may require the production before him—

(a) in relation to general principle, the record of the consent from a data subject maintained in respect of the processing of personal data by the data user;

(b) in relation to notice and choice principle, the record of a written notice issued by the data user to the data subject in accordance with section 7 of the Act;

(c) in relation to disclosure principle, the list of disclosure to third parties for the purposes of paragraph 8(b) of the Act in respect of personal data that has been or is being processed by him;

(d) in relation to security principle, the security policy developed and implemented by the data user for the purposes of section 9 of the Act;

(e) in relation to retention principle, the record of compliance in accordance with the retention standard;

(f) in relation to data integrity principle, the record of compliance in accordance with the data integrity standard; or

(g) such other related information which the Commissioner or any inspection officer deems necessary.

PART IV

ENFORCEMENT NOTICE

Application of variation or cancellation of enforcement notice 15.

An application of variation or cancellation of enforcement notice by the relevant data user to the Commissioner under section 109 of the Act shall be made in writing.

Made 24 October 2013

[KPKK/PUU 800-8/15; PN(PU2)712]

DATO’ SRI AHMAD SHABERY CHEEK

Minister of Communications and Multimedia

Common questions

What is PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013?
PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 is Malaysia P.U. (A), cited as P.U. (A) 335 2013, currently marked in force and first recorded in 2013.
Is PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 still in force?
Yes — PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 is currently in force.
When did PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 take effect?
PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 was first recorded in 2013.
How many sections does PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 have?
PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 contains 15 sections.
Where can I read the official version of PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013?
The official text of PERATURAN-PERATURAN PERLINDUNGAN DATA PERIBADI 2013 is published at lom.agc.gov.my.