Data Controller
The person or organisation that determines the purposes and means of processing personal data, bearing primary responsibility for PDPA compliance.
Under Malaysia's Personal Data Protection Act 2010 (PDPA), a data controller is any person who processes, or has control over, the processing of personal data. If your business collects customer names, email addresses, phone numbers, or any other personal information for commercial purposes, you are a data controller.
PDPA Obligations
As a data controller, you must register with the Department of Personal Data Protection (JPDP), comply with all 7 data protection principles, and implement practical security measures to protect the data you hold. Failure to comply can result in fines up to RM 500,000.