Malaysia’s Personal Data Protection Act 2010 (PDPA) has undergone significant updates through the Personal Data Protection (Amendment) Act 2024 . These changes are intended to modernise Malaysia’s data protection framework, strengthen individual rights, and align local laws with international data protection standards such as the GDPR. Below is a simple overview of the key updates and what they mean for organisations and individuals . 1. Updated Terminology and Definitions One of the major changes is the modernisation of terms used in the Act: “Data User” is replaced with “Data Controller” , aligning with global data protection terminology. Biometric data (such as fingerprints and facial recognition data) is now expressly classified as sensitive personal data . A new definition of “personal data breach” has been introduced. The definition of personal data now excludes data relating to deceased persons . These updates ...