Overview on the Data Breach Notification under the Personal Data Protection Act 2010

Introduction

Section 12B of the Personal Data Protection Act 2010[1] [Act 709] (“PDPA”), which will come into effect on 1 June 2025, introduces a mandatory requirement for data controllers to notify the Personal Data Protection Commissioner (“Commissioner”) and affected data subjects if the data controller has reason to believe that a personal data breach has occurred.

Pursuant to the above and Section 48(g) of the PDPA, the Commissioner has recently issued:

(a) Circular of Personal Data Protection Commissioner No. 2/2025 (Data Breach Notification) (“Circular No. 2/2025”); and

(b) Personal Data Protection Guideline: Data Breach Notification Version 1.0 (“DBN Guideline”).

Circular No. 2/2025 (which will come into effect on 1 June 2025) and the DBN Guideline serve as a valuable reference to help data controllers adhere to their obligations in respect of personal data breaches.

Key Information under the Circular No. 2/2025 and the DBN Guideline

We highlight below some of the key information under the Circular No. 2/2025 and the DBN Guideline:

Conclusion

In conclusion, data controllers are required to comply with all the requirements in respect of personal data breach notification under Circular No. 2/2025 and the DBN Guideline. Further, it is important for such data controllers to be proactive in reviewing and updating their existing data protection policies, procedures and notices to reflect the above requirements, and to strictly adhere to the same to ensure compliance with the PDPA.


  1. Incorporated into the PDPA pursuant to the Personal Data Protection (Amendment) Act 2024.
  2. Paragraph 3(1)(c) of Circular No. 2/2025.
  3. Paragraph 4(3) of Circular No. 2/2025 and Paragraphs 5.2 to 5.3 of DBN Guideline.
  4. Paragraph 4(1) of Circular No. 2/2025 and Paragraph 5.1 of DBN Guideline.
  5. Paragraph 6.1 of DBN Guideline.
  6. Paragraph 6.2(iii) of DBN Guideline.
  7. Paragraph 7.1 of DBN Guideline.
  8. Paragraph 4(4) of Circular No. 2/2025 and Paragraph 7.4 of DBN Guideline.
  9. Paragraph 7.3 of DBN Guideline.
  10. Paragraph 4(5) of Circular No. 2/2025 and Paragraph 7.7 of DBN Guideline.
  11. Paragraph 4(6) of Circular No. 2/2025 and Paragraph 7.5 of DBN Guideline.
  12. Paragraph 4(7) of Circular No. 2/2025 and Paragraph 14.1 of DBN Guideline.
  13. Paragraph 5(1) of Circular No. 2/2025 and Paragraph 8.1 of DBN Guideline.
  14. Paragraph 5(2) of Circular No. 2/2025 and Paragraph 9.1 of DBN Guideline.
  15. Paragraph 5(3) of Circular No. 2/2025 and Paragraph 10.1 of DBN Guideline.
  16. Paragraph 10.5 of DBN Guideline.
  17. Paragraph 5(2) of Circular No. 2/2025 and Paragraph 10.2 of DBN Guideline.
  18. Paragraph 5(4) of Circular No. 2/2025 and Paragraphs 10.3 to 10.4 of DBN Guideline.
  19. Paragraph 11.3 of DBN Guideline.
  20. Paragraph 7(2) of Circular No. 2/2025 and Paragraphs 12.1 to 12.2 of DBN Guideline.
  21. Paragraphs 13.1 to 13.6 of DBN Guideline.
  22. Paragraphs 15 to 16 of DBN Guideline.

Corporate Communications, Azmi & Associates - 13 March 2025
