Latest news with #PersonalDataProtectionAct
New Straits Times
4 days ago
- Business
- New Straits Times
Gobind: Malaysia must think global on digital security
KUALA LUMPUR: The government is accelerating efforts to build a robust digital security ecosystem, with a dual focus on grooming homegrown cybersecurity talent and crafting regulatory guardrails for artificial intelligence (AI). Digital Minister Gobind Singh Deo said Malaysia must think beyond its borders when it comes to digital security, as cybersecurity challenges and solutions are increasingly global in nature. "We want our talent to be recognised internationally and equipped to meet global standards," he said at the launch of the Certified Chief Information Security Officer (C|CISO) programme on Tuesday. He said bolstering the local talent pool will be critical as Malaysia prepares to implement the long-awaited Cyber Security Act and the amended Personal Data Protection Act (PDPA).
New Straits Times
4 days ago
- Business
- New Straits Times
NST Leader: Of PDPA and DPOs
"Give us time, give us time", is a refrain we often hear from Malaysian employers when the government introduces a new law or regulation. The amendment to the Personal Data Protection Act (PDPA) that makes the appointment of data protection officers (DPO) mandatory for companies processing more than 20,000 individual personal data or 10,000 sensitive personal data entries, is no exception, with the Small and Medium Enterprises Association of Malaysia, the Malaysian Employers Federation and the Federation of Malaysian Manufacturers complaining that the rule on DPOs is vague and they need more time. Are employers right? No, according to lawyer Arik Zakri. Malaysia, he says, ranks high on the list of countries where online fraud and personal data leaks are common occurrences. To him, there is no valid reason to delay the enforcement of the PDPA. Plus, nine months have elapsed since the Dewan Negara passed the amendment bill on July 31, 2024. Given that three public consultation papers have been issued since January last year, time shouldn't be an issue. As Arik points out, the employers would be missing a good legal defence if they delay the appointment of the DPOs. DPOs, being experts in their field, help companies safeguard personal data, which can serve as a defence in law if they are charged for offences under the act. The directors of the companies can claim they took every reasonable measure possible. Perhaps the employers are misreading the PDPA as amended. Not all companies are required to appoint DPOs. A good question for employers to ask is does this business require DPOs? The answer will be obvious: only companies that hit the 20,000 individual personal data or 10,000 sensitive personal data entries threshold need to do so. Companies that handle that number of personal data are into economies of scale to make higher profits, argues Arik. They should consider the money spent on appointing DPOs as a cost of doing that kind of business. Let's be blunt. Scams and data leakages in Malaysia have reached appalling levels. Malaysia's jurisprudence has not reached a stage where litigation based on breaches of data protection is widespread. We have yet to see big cases where punitive fines and jail terms being imposed on large corporations, such as telcos and financial institutions, for breaches of customers' personal data. The government is right in making the appointment of DPOs mandatory. Let's not forget that the PDPA was passed in 2013 and that is enough time for our employers to have prepared their businesses for this eventuality. Employers should adopt a more positive attitude and march in step with the government's efforts to protect the personal data of the people. It is also in the interest of the employers to hurry with the appointment of the DPOs because it can help mitigate the litigation risks that the companies may be up against. Employers should not underestimate the impact of a data breach suit; it can be so damaging — should the data subjects be numerous — that it can put an entity out of business. True, we haven't had such a case in Malaysia, but it doesn't mean it will never happen.
New Straits Times
6 days ago
- Business
- New Straits Times
Data protection officer rule creates SME compliance woes
KUALA LUMPUR: An association representing more than 5,000 small- and medium-scale enterprises (SMEs) has voiced concerns about the lack of clarity on the government's requirement for certain businesses to employ data protection officers (DPOs). Last July, the Personal Data Protection Act (PDPA) was amended, requiring, among other things, the appointment of DPOs for companies processing more than 20,000 individual personal data entries and 10,000 sensitive personal data entries. The amended PDPA comes into effect today, but the Small and Medium Enterprises Association of Malaysia (Samenta) said many companies are in the dark over policy specifics. "Most SMEs are struggling to interpret what is expected of them, including the criteria for determining who qualifies as a DPO, the scope of responsibilities, and the consequences of non-compliance," Samenta president Datuk William Ng said. He said while SMEs understood the importance of data protection, there is a need to be realistic about the capacity of smaller companies to absorb additional costs linked to the rule. "Many SMEs subject to PDPA are using bare-bones templates for their policy statements. "The new rule requiring a data protection officer will raise costs and compliance requirements." He said the creation of such a role would set an SME back by RM45,000 to RM60,000 a year. Ng called on the government to extend the deadline for compliance. "We need the government to provide clearer, more detailed guidelines on the DPO role, including responsibilities, compliance expectations and enforcement mechanisms." The New Straits Times has reached out to the Digital Ministry for comment and clarification about the DPO role, enforcement plans and industry player concerns, but has not received a response. While the Personal Data Protection Commissioner's Office has released guidelines on the appointment of DPOs, employers say the guidelines lack clarity and specificity. According to the FAQ on the commission's website, no minimum requirements have been set for DPOs, although employers must ensure that appointed officers receive adequate training to perform their duties. It also states that DPOs must be knowledgeable about PDPA and have a sound understanding of data security. The FAQ said there is no directive on the duration of courses or training that DPOs must attend. "However, it is recommended that such courses or training be completed within a reasonable timeframe, and organisations should determine an appropriate duration based on the course content and their needs." Malaysian Employers Federation president Datuk Syed Hussain Syed Husman has called for the publication of detailed guidelines on the minimum qualifications required for DPOs. "The government should outline minimum competency standards to ensure consistency. "Without this standard, enforcement may be arbitrary, and employers acting in good faith may face penalties." "Without guidelines on credentials, employers face uncertainty when hiring and appointing DPOs." Syed Hussain said MSMEs, in particular, would struggle with role allocation, especially if the DPO role is part time or combined with other responsibilities. "For large employers, DPO responsibilities may be absorbed within the legal, compliance or IT departments. "But most SMEs will find it difficult to manage this as a separate requirement. "We need to be realistic in our execution and not rely on a textbook approach." He urged the government to consider extending the compliance deadline. "Additional time will allow employers to prepare and build the necessary infrastructure for sustained compliance and effective data protection governance." Federation of Malaysian Manufacturers president Tan Sri Soh Thian Lai said hiring a full-time DPO would significantly increase salary and benefit costs for companies. "Annual salaries for an in-house DPO range from RM40,000 to RM150,000, depending on the company's size, the size and complexity of the data handled, and the talent's experience." Soh said a short extension period should be given to companies struggling to comply with the regulation. He said the government should provide additional guidance and support, such as training programmes and clearer communication about the requirements. Jobstreet by SEEK estimates that 27,000 DPOs are needed to fulfil the government's requirements, its managing director Nicholas Lam said. "There is no public estimate for thenumber of practising DPOs in Malaysia. "However, industry feedback on our platform indicates that while organisations recognise the importance of data protection, many do not yet have a dedicated DPO role." Lam said DPO job listings have been relatively unchanged since 2021 despite the new requirements. UiTM Associate Professor of Cybersecurity and Information Safety Dr Muhamad Khairulnizam Zaini said university programmes at the bachelor's and master's levels and even certificates were sufficient to supply such talent. "The Human Resources Development Corporation's Data Privacy and Privacy by Design course is also applicable to develop the skills needed." Khairulnizam, however, said there would be a temporary shortage of DPOs as the June deadline looms. "We are on the right track. Preparedness is a challenge due to a lack of talent." He said that the government's mandate has aligned Malaysia more closely with international standards. He added that having qualified personnel will reduce data breaches and cybersecurity risks, and encourage companies to be more accountable in maintaining cyber hygiene.
Business Mayor
13-05-2025
- Business
- Business Mayor
Pakistan's tech startups shine at GISEC
DUBAI: All seven Pakistani tech startups participating in this year's Gulf Information Security Expo and Conference (GISEC) made it to the pitch competition semi-finals, amid a backdrop of reports that there was a major uptick in cyber attacks between India and Pakistan during recent tensions. The group of budding entrepreneurs was sponsored by Ignite – National Technology Fund, a Pakistan Ministry of IT & Telecom initiative. While none made the final cut, they found there were other wins to be made at the expo. Dubai Chamber of Digital Economy backs 127 startups in Q1 'We just signed a deal with an IT distributor in the Gulf, which has presence in Bahrain, the UAE, Ireland and New Zealand,' Waqar Ahmed, CEO of Securitanium, told Business Recorder . 'We will be onboarding with them as a vendor for email security, and hopefully, we will collaborate with them to offer our product to their clients in future.' 'More than 80% of cyber attacks are caused by phishing emails despite having email gateway protection,' said Ahmed. 'They are not detecting the content or analyzing the body of the email. Our artificial intelligence (AI) powered solution not only looks at the IP and domain, but also analyzes the content for indicators of phishing and removes such emails.' According to the participants, AI is not just a trend but the next step in strengthening online security. 'AI is the talk of the town, wherever you go, wherever you speak, whatever you hear, there is always AI,' said Muhammad Ali Inayat, founder of Pakistani company According to him, it's an exciting time to be in the cybersecurity industry in the Gulf region, especially in the UAE and Saudi Arabia, where the Personal Data Protection Act has been recently enacted. Inayat is also CEO of Kinverg, parent company that already has a presence in the Gulf region. Globally, he said, data protection has taken off in the last decade, and that has made compliance challenging for companies to operate across the world. 'We are promising to reduce the cost of compliance by 50% by providing companies with pre-built controls which are mapped to all of these regulatory frameworks.' Pakistani startups offered all kinds of security products at the event. Thingzeye featured its network security protection service for home and office smart devices, as well as for medical devices. 'Our Smart Home Firewall provides protection to all the smart gadgets that kids use at home,' said CEO Ghalib Asadullah Shah. 'It also provides parental control and children's social behaviour analysis. It profiles all the devices that are used at your home.' 'It identifies and provides information about all the devices which may be connected to your home network,' he added. The protection is also extended to devices that capture personal health data, including smartwatches and heart monitors. Shah said coming to GISEC gave him confidence in his company's product. 'The experience has been wonderful for us,' he said. 'I got exposure and I got some confidence as well because it gives us a platform where we can compete at the international level. That's what we have gained here: don't be afraid of coming to an international stage and don't underestimate yourself, you have the potential.' It is the presence of such talent that encouraged 'Ignite – National Technology Fund, a Ministry of IT & Telecom initiative,' to bring Pakistani startups to the event. Ignite focuses on fourth industrial wave tech and on ecosystem development initiatives to fulfill its mission of creating a knowledge economy in Pakistan, says the organization's website. Its national network of incubators nurtures startups, while tech innovation grants are offered to innovative, deep tech projects and startups. 'GISEC is our partner at Digital Pakistan Cyber Security Hackathon and we're looking forward to a long-lasting relationship,' said Adeel Aijaz Shaikh, Ignite's CEO, adding that they're hoping to bring more teams and startups to next year's event. Inayat and Shah both said they would encourage Pakistani youth to step into this trending industry. 'Pakistan is full of potential when it comes to cybersecurity,' said Inayat. 'The first virus in the world was also built right in Lahore, by the way. We know this field very well.' Shah echoed his peer's words. 'If you have an interesting, innovative idea, just come and pitch [at GISEC] and you will find a lot of people who are interested in your product,' he said. Khalid Yacoob, an event visitor, was surprised to see a Pakistan pavillion. 'I'm originally from Pakistan and it is lovely to see that Pakistan is getting involved in the industry of cybersecurity,' said the director of business development at IT consultancy HiveMind Global. GISEC took place from May 6 to 8, attracting some 750 cybersecurity companies and 25,0000 visitors from over 160 countries. Attendees were able to participate in hackathons and panel discussions. The UAE Cybersecurity Council, host of GISEC Global, earned 11 Guinness World Records through the event, it said. This included 'most nationalities in a simulated Dark Web intelligence training session' and 'largest ransomware awareness session.' Copyright Business Recorder, 2025
Business Recorder
13-05-2025
- Business
- Business Recorder
Pakistan's tech startups shine at GISEC
DUBAI: All seven Pakistani tech startups participating in this year's Gulf Information Security Expo and Conference (GISEC) made it to the pitch competition semi-finals, amid a backdrop of reports that there was a major uptick in cyber attacks between India and Pakistan during recent tensions. The group of budding entrepreneurs was sponsored by Ignite - National Technology Fund, a Pakistan Ministry of IT & Telecom initiative. While none made the final cut, they found there were other wins to be made at the expo. Dubai Chamber of Digital Economy backs 127 startups in Q1 'We just signed a deal with an IT distributor in the Gulf, which has presence in Bahrain, the UAE, Ireland and New Zealand,' Waqar Ahmed, CEO of Securitanium, told Business Recorder. 'We will be onboarding with them as a vendor for email security, and hopefully, we will collaborate with them to offer our product to their clients in future.' 'More than 80% of cyber attacks are caused by phishing emails despite having email gateway protection,' said Ahmed. 'They are not detecting the content or analyzing the body of the email. Our artificial intelligence (AI) powered solution not only looks at the IP and domain, but also analyzes the content for indicators of phishing and removes such emails.' According to the participants, AI is not just a trend but the next step in strengthening online security. 'AI is the talk of the town, wherever you go, wherever you speak, whatever you hear, there is always AI,' said Muhammad Ali Inayat, founder of Pakistani company According to him, it's an exciting time to be in the cybersecurity industry in the Gulf region, especially in the UAE and Saudi Arabia, where the Personal Data Protection Act has been recently enacted. Inayat is also CEO of Kinverg, parent company that already has a presence in the Gulf region. Globally, he said, data protection has taken off in the last decade, and that has made compliance challenging for companies to operate across the world. 'We are promising to reduce the cost of compliance by 50% by providing companies with pre-built controls which are mapped to all of these regulatory frameworks.' Pakistani startups offered all kinds of security products at the event. Thingzeye featured its network security protection service for home and office smart devices, as well as for medical devices. 'Our Smart Home Firewall provides protection to all the smart gadgets that kids use at home,' said CEO Ghalib Asadullah Shah. 'It also provides parental control and children's social behaviour analysis. It profiles all the devices that are used at your home.' 'It identifies and provides information about all the devices which may be connected to your home network,' he added. The protection is also extended to devices that capture personal health data, including smartwatches and heart monitors. Shah said coming to GISEC gave him confidence in his company's product. 'The experience has been wonderful for us,' he said. 'I got exposure and I got some confidence as well because it gives us a platform where we can compete at the international level. That's what we have gained here: don't be afraid of coming to an international stage and don't underestimate yourself, you have the potential.' It is the presence of such talent that encouraged 'Ignite - National Technology Fund, a Ministry of IT & Telecom initiative,' to bring Pakistani startups to the event. Ignite focuses on fourth industrial wave tech and on ecosystem development initiatives to fulfill its mission of creating a knowledge economy in Pakistan, says the organization's website. Its national network of incubators nurtures startups, while tech innovation grants are offered to innovative, deep tech projects and startups. 'GISEC is our partner at Digital Pakistan Cyber Security Hackathon and we're looking forward to a long-lasting relationship,' said Adeel Aijaz Shaikh, Ignite's CEO, adding that they're hoping to bring more teams and startups to next year's event. Inayat and Shah both said they would encourage Pakistani youth to step into this trending industry. 'Pakistan is full of potential when it comes to cybersecurity,' said Inayat. 'The first virus in the world was also built right in Lahore, by the way. We know this field very well.' Shah echoed his peer's words. 'If you have an interesting, innovative idea, just come and pitch [at GISEC] and you will find a lot of people who are interested in your product,' he said. Khalid Yacoob, an event visitor, was surprised to see a Pakistan pavillion. 'I'm originally from Pakistan and it is lovely to see that Pakistan is getting involved in the industry of cybersecurity,' said the director of business development at IT consultancy HiveMind Global. GISEC took place from May 6 to 8, attracting some 750 cybersecurity companies and 25,0000 visitors from over 160 countries. Attendees were able to participate in hackathons and panel discussions. The UAE Cybersecurity Council, host of GISEC Global, earned 11 Guinness World Records through the event, it said. This included 'most nationalities in a simulated Dark Web intelligence training session' and 'largest ransomware awareness session.' Copyright Business Recorder, 2025
