Introduction Malaysia’s Updated PDPA has recently undergone important changes. These updates, however, have been missed or ignored by many organisations. Consequently, both local and international ...

In today’s interconnected world, businesses constantly handle vast amounts of data. With the proliferation of digital transactions and the increasing importance of data in decision-making, it has ...

Meeting Legal Obligations with a PDPA DPO Under the PDPA, organisations must follow strict guidelines when collecting, using, and disclosing personal data. A DPO ensures that all processes adhere to ...

Privacy by design for AI personal data processing is a framework that emphasizes the importance of privacy and data protection t ...

At the federal level, HIPAA Compliance does not specify a uniform data retention period. Instead, healthcare providers are required to keep records “as long as may be necessary to treat the patient ...

In today’s fast-evolving digital landscape, data breaches are an ever-present risk. Consequently, organisations need a clear, structured plan to address breaches when they occur. Central to this ...

However, as the use of AI facial recognition technology becomes more widespread, concerns are mounting about its potential dangers and the need for regulation. In Thailand, the Personal Data ...

Introduction In this five-part mini-series, we delve into the Singapore Personal Data Protection Act (PDPA). In the first article, we examine the Personal Data Protection Commission (PDPC) and its ...

PDPA Non-Compliance: A Costly Oversight Non-compliance with the PDPA comes at a high price. The PDPC Singapore has the authority to impose fines for breaches of data protection laws. These fines are ...

6: Conclusion: Trust Formiti for Global DPO Excellence The appointment of a qualified DPO is no longer optional under Malaysia’s amended PDPA 2024—it is a strategic imperative. Formiti Data ...

Supervising Disputes and Complaints Occasionally, a data subject may challenge the organisation’s handling of their DSAR. In such cases, the DPO plays a central role in resolving disputes: Internal ...

Obtain consent: Employers should obtain the consent of their employees before collecting and processing their personal data. The consent should be specific, informed, and freely given unless it is ...