Malaysia PDPA and Your Email System.

So PDPA or Personal Data Protection Act 2010 is finally fully enforced this year in Malaysia. There are a lot of consultants out there waiting you to spend some decent money on the consultation. If you can afford the spending, it is always good. But the problem comes after the consultation, so far the Law stated that you need to protect your customer data and so on but it doesn’t give you an industry standard or practices to do so.

To give you an idea, in front end interfaces such as your website contact form, you need to clearly stated how would you treat the information, protect the data and destroy it when it is no longer relevant. So, how about the back-end? How do to secure your website from being hacked? Who has access to the website database, contact list and so on?

Now let’s look at the Key Considerations in IT when comes to PDPA.

  1. Data Usage & Monitoring
  2. Data Back-up & Archival
  3. Portable Devices
  4. Security & Access
  5. Systems Implementation
  6. Password

Now, we apply these 6 key considerations on your company’s email platform as standard practices to meet PDPA compliance upon registering your company to PDPA.

Data Usage & Monitoring

This basically means “Content Compliance” in email system. In other words, what are the information that cannot be sent out via email? e.g. Credit Card number, IC number and so on.

Now, if your email platform doesn’t have that “Content Compliance” function to automatically filter sensitive email, you’re in risk. Your employee might carelessly send out customer’s sensitive data someday.

Data Back-up & Archival

Commonly, there are email accounts which are shared among employees, sharing the same login and password. The problem is, how would you know who is the actual sender or the person who are responsible for sending that particular email?

On the other hand, what if the emails in an account are deleted? Therefore, an real time email archiving in a separate server is important when comes to email legitimate issues.

Portable Devices

Are your email being downloaded to your phone or laptop? When your phone is lost, or accessing public WIFI and being hacked and eventually resulted in email with sensitive data such as account password being stolen.

You need an email platform which comes with mobile management. A console that can control your employee phone access, mobile password policy, contingency plan such as remote data wipe.

Security & Access

How secure is your email platform? Are your email accounts SSL encrypted?

Is there SMS verification upon login?

Who can access to your email server? (Do you know that in most self hosted email server, IT admin will be able to read user’s data without password.)

Is there audit log for a IT personnel when accessing the email server?


What is the minimum password strength required? How frequent the password need to be changed?

Systems Implementation

This basically means that you need to design a system which covers standard procedure, rules and regulation and email policy as a whole. And you only can implement it when you have an email platform that can support such features.


PDPA will assess your IT security protocol, practices, policies and so on. In fact, main part of the works are rely on the management and users to set out the game plan in advanced. Without it, all these standards won’t be able to put into executions.

Talk to Us

Google Apps for Business is a cloud based email platform that designed for small to large enterprises. It has all the security, protection and compliance which meets the requirement of PDPA. Why not give us a call and see if we can help you on this? 03-8994 9655 or visit