At Shearn Delamore & Co., our Personal Data Protection & Privacy Laws Practice Group delivers smart, strategic and sector-tailored solutions across Malaysia’s data landscape. We help clients thrive in today’s digital economy – where data is currency – by defending the safe, responsible and lawful use of personal data. We advise clients across a broad range of industries, including banking and financial services, retail, telecommunications, healthcare, education, tourism and hospitality.

Whether guiding multinationals or fast-scaling start-ups, our team is trusted for its deep technical knowledge, commercial acumen and regulatory insight. We provide end-to-end support on all aspects of the Personal Data Protection Act 2010 (PDPA) and related laws, from compliance and policy development to investigations, disputes and breach response. Our key areas of expertise include:

1. Compliance Frameworks & Data Governance: We design, review and and implement robust data protection and compliance frameworks aligned with your organisation’s risk profile, business objectives and sector requirements. This includes :

• developing internal governance policies (e.g. Acceptable Use Policies);
• preparing cyber incident response strategies;
• cross-border advisory and compliance coordination.

2. Privacy Policies: We draft, review, and update privacy notices and data protection policies for clients across industries, building customer trust and ensuring full regulatory alignment.

3. Data Protection Agreements: We prepare and negotiate key documentation, such as :

• Data Sharing Agreements;
• Data Processing Agreements;
• Cross-border Data Transfer Agreements;
• Practical playbooks for teams managing data-sensitive transactions.

4. Gap Analysis Services: We conduct thorough PDPA gap assessments of your data lifecycle, including:

• Collection, use, transfer and retention practices;
• Documentation and forms;
• Internal policies and controls

We deliver practical, prioritised recommendations for closing compliance gaps.

5. Corrective action planning: We assist in implementing remedial steps, including drafting and refining:

• Contractual clauses;
• Internal and external policies;
• Consent and data subject request forms

6. Data Breach Management: We deliver calm, clear-headed counsel in times of crisis. Our services include:

• Data breach notification and regulatory engagement;
• Crisis communications and media strategy;
• Coordination with forensic, PR, and ransom negotiation team;
• Post-breach recovery and preventive planning.

7. Data Protection Officer (DPO) Support: We provide DPO support services to help clients embed compliance into operations and culture.

8. Training & Capacity Building: We deliver tailored trainings programmes – from board-level briefings to operational workshops – ensuring your teams stay updated on evolving laws and best practices.

9. Dispute Resolution & Enforcement: We represent clients in data-related litigation and regulatory proceedings, defending their interests in investigations and enforcement actions.

10. Regulatory Engagement: We act as liaison with the Personal Data Protection Commissioner, supporting clients in:

• Managing regulatory queries and inspections;
• Strategic engagement with the regulator;
• Proactive compliance positioning

Trusted by industry leaders, and rooted in a legal heritage dating back to 1905, we are proud to be at the forefront of shaping data protection law and practice in Malaysia. Let us help you future-proof your business and turn compliance into a competitive edge.