Personal Data Protection Act 2010 (PDPA)

Gazetted in Malaysia in 2010 and became effective on 15 Nov 2013.

The PDPA is an Act that regulates the processing of personal data in regards to commercial transactions. The act regulates the way that your personal information is stored, held and processed by businesses and organisations. The fundamental principles of the act in Malaysia range from keeping your information secure, ensuring that its accurate and up to date, that it is not held any longer than needed and that it is held under the owner’s rights. If the information is transferred, it must be done in a lawful and secure manner so as to ensure the protection of the owner’s personal data. The penalty in Malaysia for non-compliance is between RM100k – 500k and/or between 1 – 3 years imprisonment.

MISI understands your personal data are your rights and MISI shall ensure that MISI complies strictly to the PDPA.


The Act affects the Personal Data Life Cycle Management Process from the point personal data is collected, used, stored and destroyed.

The Act applies to Customers (MISI Students), Employees and Third Party Service Providers personal data.

At MISI various Business Processes have been introduced to comply with the PDPA requirements, and this will also involve your timely and accurate updating of the Central Repository held in the Registrars office.

For more information on the PDPA act:
Download Document