
NAVIGATING MALAYSIA'S PDPA & 2024 AMENDMENTS: COMPLIANCE, RISK & BEST PRACTICES

This intensive 2-day professional training programme is designed to equip participants with the practical skills and knowledge required to ensure compliance with Malaysia’s Personal Data Protection Act 2010 (PDPA) and the latest changes introduced by the Personal Data Protection (Amendment) Act 2024.

Combining legal insights, practical case studies, and interactive workshops, participants will learn how to build a compliant data governance framework, manage risks, and operationalize best practices in data protection. By the end of this programme, participants will be prepared to meet the new legal obligations, manage data breaches, and safeguard their organisations’ compliance posture under the revised law.

Who Should Attend

  • Data Protection Officers (DPOs)

  • Compliance, Risk & Legal Managers

  • IT Security & Information Management Professionals

  • HR, Marketing, and Customer Service Managers

  • Senior Management & Business Owners

  • Organisations preparing for PDPA 2024 compliance

LEARNING OUTCOMES

Upon completion of this course, participants will be able to:

  • Confidently interpret and apply the PDPA and 2024 amendments in practice.

  • Implement organisational policies and controls that meet compliance standards.

  • Manage consent, DSARs, and data breaches effectively.

  • Demonstrate accountability and readiness for audits and investigations.

  • Strengthen overall data governance and risk management capabilities.

    TRAINING METHODOLOGY

    • Expert-led lectures with real-world case examples

    • Interactive discussions and Q&A

    • Hands-on group exercises and workshops

    • Scenario-based simulations for data breach and enforcement response

    Course Content

    DAY 1: LEGAL FOUNDATIONS & CORE COMPLIANCE FRAMEWORK

     

    Session 1: Introduction to PDPA 2010 and the 2024 Amendments

     

    Overview of Malaysia’s data protection landscape

    • Legislative objectives and evolution of PDPA
    • Policy drivers and intent behind the 2024 amendments
    • Implementation timeline and transitional provisions
    • Key definitions and scope updates (personal data, processing, data subject, data user)
    • Application and exemptions under PDPA (newly covered sectors)
    • Role and enhanced powers of the Personal Data Protection Commissioner
    • Recent enforcement trends and comparative analysis: PDPA 2010 vs PDPA 2024

     

    Session 2: The Seven Data Protection Principles – Updated Framework

     

    • General, Notice & Choice, Disclosure, Security, Retention, Integrity, and Access Principles
    • Enhanced obligations under the 2024 amendments
    • How the revised principles apply to modern data processing practices
    • Interactive Exercise: Applying the principles to industry-specific case scenarios

     

    Session 3: Consent Management in Practice

     

    Part A: Legal Foundations of Consent

    • Legal basis for processing under PDPA
    • Types and validity of consent (express, implied, deemed)
    • Consent for sensitive personal data
    • Withdrawal of consent and renewal mechanisms

     

    Part B: Practical Application

    • Designing compliant consent forms and notices
    • Managing consent in digital environments (web, apps, CRM systems)
    • Maintaining consent records and audit trails

     

    Workshop: Drafting and evaluating compliant consent notices

     

    Session 4: Data Subject Rights & Request Management (DSARs)

    1. Overview of statutory data subject rights
    • Access, Correction, Withdrawal, Objection, and Direct Marketing Opt-Out
    2. Managing DSARs: receiving, verifying, compiling, responding
    3. Handling refusals and documenting responses
    4. Updates to rights and new obligations under PDPA 2024

     

    Workshop: Building a DSAR Response Protocol and workflow

     

    End of Day 1

     

    DAY 2: GOVERNANCE, SECURITY, BREACH MANAGEMENT & ENFORCEMENT

    Session 5: Data Protection Governance and Accountability

     

    Part A: Governance Structure

    • Accountability principle and organisational ownership
    • Establishing roles and responsibilities (DPO, committees, working groups)
    • Integrating data protection with IT, risk, and legal functions

     

    Part B: Policies and Procedures

     

    1. Building key compliance policies:
    • Data Protection Policy
    • Data Retention & Disposal
    • Data Breach Response
    • Third-Party & Cross-Border Data Transfer
    • Privacy Notices & Consent Policies
    2. Implementing SOPs for DSAR handling, vendor management, and breach notification
    3. Introduction to Privacy by Design & DPIA

     

    Group Activity: Drafting a Data Protection Policy Framework

     

    Session 6: Data Security and Cross-Border Transfers

     

    • Security obligations and enhanced requirements under PDPA 2024
    • Implementing technical and organisational safeguards
    • Vendor and data processor management
    • New accountability provisions for processors
    • Cross-border data transfer mechanisms and updated compliance requirements

     

    Group Activity / Case Study: Evaluating cross-border transfer scenarios

     

    Session 7: Mandatory Data Breach Notification

    • Section 6A (New) – Understanding breach notification duties
    • Defining a notifiable breach and the 72-hour rule
    • Content and timing of notifications to the Commissioner and data subjects
    • Documentation and record-keeping requirements
    • Administrative and criminal penalties for non-compliance

     

    Workshop: Developing a Data Breach Response Plan and notification templates

     

    Session 8: Enforcement, Penalties & Compliance Defence Strategies

     

    Part A: Enhanced Enforcement Regime

    • Administrative Monetary Penalties (AMPs) – structure and calculation
    • Expanded investigative powers of the Commissioner
    • Compliance notices, directives, audits, and inspections
    • Corporate and director liability for offences

     

    Part B: Mitigation & Compliance Defence

    • Factors influencing penalty decisions
    • Building a compliance defence framework
    • Best practices for managing Commissioner investigations

     

    Activity: Enforcement simulation and compliance response planning

     

    End of Day 2

     

     

    Enquiry

    For More info,  Click & Enquire Now

    Or Call Us :  +6016 338 2229

    Course Schedule

    Date: 2 Days
    Time: 9 AM – 5 PM

     

    Course Fee

    Inclusive of training material, certificates & meals.

    Our course is HRDF claimable.
    Contact us to claim the promo rate.

    Location

    In-house training is available, or attend at our training centre located at:

    Axon Consultancy Sdn Bhd
    No. 2-2, Plaza Usahawan Genting Kelang,
    Jalan Danau Niaga 1, Taman Danau Saujana,
    53300 Kuala Lumpur.

     

    Certificate

    • Participants will receive a Certificate of Completion upon full participation in the programme.

    Registration

    To register, kindly download & fill in the form.

    About The Trainer & Programme

    To know more about our trainer click here

    Click the button below to download the brochure.
