Today’s digital landscape in ASEAN’s emerging digital economy, rapidly evolving regulations and increasing cybersecurity threats demand a proactive approach to data protection and privacy compliance. Our Cybersecurity, Data & Privacy Practice Group provides strategic, business-oriented legal solutions to help organizations navigate complex regulatory frameworks, mitigate risks, and respond effectively to data breaches and cyber incidents.

Cybersecurity & Risk Management

We counsel clients on cybersecurity risk management, regulatory investigations, and compliance with Malaysia’s cybersecurity laws. Our services include:

• Advising National Critical Information Infrastructure (“NCII”) entities on cybersecurity incident notification requirements.
• Advising cybersecurity service providers on licensing requirements and procedures.
• Reviewing and enhancing preventive measures against cybercrimes.
• Assessing cybercrime risks arising from business operations and facilitating risk-mitigation strategies.

Data Protection & Privacy

We regularly assist clients on a wide range of data protection issues, including comprehensive compliance exercises, cross-border data transfers, and data protection concerns in e-commerce. Our team has extensive experience conducting Personal Data Protection Act 2010 (“PDPA”) compliance exercises across diverse industries, including financial services, insurance, telecommunications, public infrastructure services, property investment and development, tourism and travel, consumer products, and retail. Our services, include:

• Conducting personal data impact assessments to identify and assess projects, processes and documents affected by the PDPA.
• Developing, reviewing and amending policies, guidelines, agreements and other documents to ensure business operations comply with the PDPA.
• Conducting legal and regulatory monitoring to ensure ongoing compliance with evolving laws.
• Advising cross-border transfer of data and implications of the PDPA on cloud computing services.
• Advising on the intersection of data privacy and employment law, from pre-employment onboarding processes up to post-employment, including the issuance of notices to employees, sharing of personal data between affiliated companies, monitoring of employees’ use of communications facilities and workplace privacy considerations.
• Facilitating operational changes to minimise data protection-related risks.
• Developing and implementing data breach response frameworks and advising on breach notification requirements.

Our Approach

We take a proactive and business-oriented approach to cybersecurity, data protection, and privacy compliance. We work closely with clients to navigate complex regulatory landscapes, mitigate risks, and enhance resilience against cyber threats. Our focus is on ensuring compliance while enabling business growth, fostering trust, and safeguarding critical assets in an increasingly digital world.

Contact Us

To learn more about how we can assist with your cybersecurity, data protection and privacy needs, please reach out to:

• G. Vijay Kumar
• Teo Wai Sum
• Arissa Ahrom