������Ƶ

A Privacy Notice tells people how your organization collects, uses, and protects their personal data under Malaysian law. It's a key document that helps businesses comply with the Personal Data Protection Act 2010 while building trust with customers, employees, and other stakeholders.

This notice explains what information you gather, why you need it, who you share it with, and how long you keep it. It must be written clearly and given to individuals before collecting their data. Malaysian businesses typically display it on their websites, include it in employee handbooks, and share it during customer sign-ups.

Use a Privacy Notice any time you start collecting personal data from Malaysians���like when launching a new website, mobile app, or customer loyalty program. It's essential before rolling out HR systems that handle employee information or when setting up data-sharing arrangements with vendors and partners.

Many situations trigger the need for this notice: opening physical stores that use CCTV, starting email marketing campaigns, or expanding operations to collect new types of data. Malaysian law requires you to provide this notice before collecting information, so prepare it early in your planning process. Update it when your data handling practices change or when introducing new services.

• Employee Privacy Notice: Specifically designed for staff data handling, covering payroll, benefits, and workplace monitoring.
• Website Privacy Notice: Focuses on online data collection, cookies, and digital tracking practices.
• Personal Data Protection Notice: Comprehensive version covering all personal data processing activities.
• Data Privacy Notice: Simplified version for small businesses and basic data collection.
• Data Protection Privacy Notice: Enhanced version with detailed security and cross-border transfer provisions.

• Business Owners & Directors: Responsible for approving the Privacy Notice and ensuring organizational compliance with PDPA requirements.
• Legal Teams: Draft and update notices to reflect current data handling practices and legal requirements.
• Data Protection Officers: Oversee implementation and maintain compliance with privacy policies across the organization.
• IT Departments: Implement technical measures described in the notice and manage data security protocols.
• HR Managers: Handle employee data according to the notice and ensure staff understanding of privacy policies.
• Customers & Employees: Read and acknowledge the notice before sharing personal information with the organization.

• Data Mapping: List all personal data your organization collects, uses, and shares.
• Processing Methods: Document how you store, transfer, and protect personal information.
• Third Parties: Identify all vendors, partners, and service providers who access the data.
• Legal Requirements: Review PDPA compliance needs and industry-specific regulations.
• Contact Details: Designate a data protection officer or contact person for privacy concerns.
• Language Check: Ensure the notice is available in both Bahasa Malaysia and English.
• Distribution Plan: Determine how you'll share the notice with data subjects.

• Data Collection Statement: Clear description of personal information types being collected.
• Purpose Declaration: Specific reasons for collecting and processing personal data.
• Data Subject Rights: Explanation of rights to access, correct, and withdraw consent.
• Security Measures: Description of safeguards protecting personal information.
• Data Sharing Policy: List of third parties receiving or processing the data.
• Retention Period: Duration for keeping personal information.
• Contact Information: Details of the data protection officer or responsible person.
• Consent Mechanism: Clear process for giving and withdrawing consent.
• Cross-border Transfers: Information about international data movement.

A Privacy Notice differs significantly from a Data Processing Notice in several key ways. While both deal with personal data handling, they serve distinct purposes under Malaysian law and the Personal Data Protection Act (PDPA).

• Primary Purpose: Privacy Notices inform individuals about how their data is collected and used overall, while Data Processing Notices specifically detail the technical processing activities and data flows.
• Timing of Use: Privacy Notices must be provided before or during data collection, whereas Data Processing Notices are often issued when specific processing activities begin or change.
• Scope: Privacy Notices cover broader aspects including rights, consent, and security measures. Data Processing Notices focus on specific processing operations, technical details, and processor obligations.
• Target Audience: Privacy Notices are written for data subjects (customers, employees), while Data Processing Notices are typically exchanged between organizations handling the data.