Breach Notification
The legal requirement to inform regulators, affected individuals, or both when a data breach involving personal data has occurred.
Breach notification is the process of informing the relevant authority and affected individuals when personal data has been compromised. The PDPA Amendment Act 2024 introduced mandatory breach notification in Malaysia — organisations must notify the Personal Data Protection Commissioner within 72 hours of discovering a data breach.
72-Hour Deadline
The 72-hour clock starts when you become aware of the breach, not when it occurred. Malaysian businesses must have an incident response plan ready so they can assess, contain, and report breaches within this tight window. Failure to notify can result in fines up to RM 1 million under the amended Act.