The Malaysian government has the entry into force date of the Personal Data Protection Act (PDPA) 2010. The Act will enter into force on 15 November 2013 and will introduce an omnibus privacy regime in Malaysia for the first time. The publication of the PDPA is accompanied by a number of regulations and orders that clarify some of its provisions. The PDPA was passed by the Malaysian Parliament in May 2010, and received Royal Assent in June 2010, however its entry into force had been delayed. “The PDPA will apply to any person who processes or has control over the processing of any personal data, known as a data user,” said Jillian Chia, Senior Associate at Skrine. “It is important to note that ‘processing’ is defined widely under the PDPA to cover a wide range of activities, including using, disseminating, collecting, recording and/or storing personal data. Furthermore, only individuals are referred to as ‘data subjects’ under the PDPA.” The PDPA introduces, among other things, seven data protection principles which data users must comply with. Violation of any of these principles will result in a fine of up to 300,000 ringgit (approximately 74,485€) and/or up to three years’ imprisonment. “Where a data user has collected personal data before the date of coming into operation of the PDPA, such users will have three months to comply,” said Chia.