The Malaysian Personal Data Protection Act 2010 ("the Act") places restrictions on the transfer of personal data outside Malaysia unless it is: to a jurisdiction which has been approved under Section 129(1); or one of the conditions set out in Section 129(3) of the Act is satisfied.
To date, no jurisdictions have been approved under Section 129(1).
On 4 April 2017 the Personal Data Protection Commission issued a public consultation setting out jurisdictions which it is considering recommending to be approved under Section 129(1) as places to which personal data may be transferred outside Malaysia (the proposed “Whitelist”).
The consultation document is available at:
As the proposed Whitelist is at public consultation stage, it has no force of law. The Commissioner has invited comments which may be submitted from now until 4 May 2017.
The proposed Whitelist includes:
· European Economic Area (EEA) member countries
· United Kingdom
· The United States of America
· New Zealand
· Faeroe Islands
· Isle of Man
· Hong Kong
· The Philippines
· Dubai International Financial Centre (DIFC)
If you have any queries or require more information, please feel free to get in touch with us.