Of PDPA and DPOs

“GIVE us time, give us time”, is a refrain we often hear from Malaysian employers when the government introduces a new law or regulation. The amendment to the Personal Data Protection Act (PDPA) that makes the appointment of data protection officers (DPO) mandatory for companies processing more than 20,000 individual personal data or 10,000 sensitive personal data entries, is no exception, with the Small and Medium Enterprises Association of  Malaysia, the Malaysian Employers Federation and the Federation of Malaysian Manufacturers complaining that the rule on DPOs is vague and they need more time. Are employers right? No, according to lawyer Arik Zakri. Malaysia, he says, ranks high on…