March 22, 2023

Innovation & Tech Today


Buyer’s guide: The Top 50 Most Innovative Products

How the Personal Data Protection Act 2010 (PDPA) Compares to GDPR

Since January 2012, the European Commission has been striving towards greater data protection for citizens of the European Union (the EU). GDPR or General Data Protection Regulation is the culmination of these efforts and it went into effect in May 2018.

This set of regulations is designed to give EU citizens greater control over their data and how it is maintained and used by companies that have access to it. Given that there are over 400 million internet users in the European Union, a huge number of people are impacted by its implementation. For example, there were plenty of headlines about marketing emails as businesses, requiring consent in order to keep sending marketing messages to customers, began to flood inboxes with reminders of resubmitting personal data.

But, while these email blasts, privacy pop-ups, and cookie consent windows on websites may be frustrating, GDPR is being seen as a massive overhaul to the European, digital landscape and has been compared to the Personal Data Protect Act (PDPA), which was introduced by Malaysia in 2010 before being gazetted in 2013 with businesses given three months to comply.

What Are the Differences Between PDPA and GDPR?

Although both the PDPA and the GDPR have catchy, four-letter acronyms, these two regulatory efforts actually work rather differently. The first major difference is that, while the PDPA applies to personal data in terms of commercial usage and doesn’t apply to business and companies outside of Malaysia (unless they process data within the country), the GDPR impacts any business offering goods or services to EU citizens regardless of where that business is based.

Another significant difference is in how PDPA and GDPR offenses are prosecuted. The GDPR offers much harsher punishments for violating its terms. Businesses may be fined up to 20 million Euros or 4% of their annual global turnover for the second violation of GDPR, whereas PDPA violations are punished with fines of 20,000 Malaysian Ringgit (approximately 4,200 Euros) and potential imprisonment.

Either way that people look at it, it is important for businesses to take data security seriously, considering how they safeguard their data no matter where it is stored (including big data and data stored on clouds). Addressing external and internal threats, such as malicious and compromised users, is also paramount when it comes to keeping data safe. Failing to do so results in fines that many businesses just cannot afford.

Why Data Security is So Important

Even looking at it from a business perspective, staying compliant of GDPR, PDPA and any other, similar data regulations is hugely important and not just because of the potential punishments. Offering greater data security also instills customers and clients with confidence, allowing them to put their trust in you that you will keep their details safe.

Breaches and data leaks erode customer loyalty in the short-term and, in the long-term, they can significantly impact a business’ prospects and opportunities. So, while GDPR and PDPA is a win for data protection, anything that helps kick businesses into action when it comes to data protection should be seen as a good thing.

By I&T Today

By I&T Today

Innovation & Tech Today features a wide variety of writers on tech, science, business, sustainability, and culture. Have an idea? Send it to

All Posts



Vail Comedy Festival



* indicates required


We hate spam too. You'll get great content and exclusive offers. Nothing more.



Looking for the latest tech news? We have you covered.

Don’t be the office chump. Sign up here for our twice weekly newsletter and outsmart your coworkers.