Although there is no general obligation to notify individuals or PDP of personal data in accordance with the PDPA, there appears to be different reporting obligations imposed by different regulatory authorities and relevant authorities based on the specific facts of each case. The PDPA gives data users the following rights (subject to qualifications) for their personal data: the 2015 data protection standards (« PDP standards » issued by Commissioner PDP) also include minimum data security requirements for electronic and non-electronic processing of personal data. This includes the need to provide IDENTIFIANTs and user passwords to the employee in order to access personal data and immediately terminate the user`s user`s credentials and passwords when an employee no longer processes data. Data users are also required to set physical security procedures, such as storing personal data. B in an appropriate location, which is not exposed and protected from physical or natural threats, and the provision of a closed-circuit camera where the data depends (if necessary). « Data protection laws » are all data protection and data protection laws and regulations applicable to the processing of personal data under the agreement, including, where appropriate, EU data protection law. The 2013 regulations stipulate that consent must be registered and duly retained by data users. The requirement to register consent implies that consent must be obtained explicitly or through opt-in methods, since consent may not be registered if it is implied or if an opt-out method is used. In addition, it should be noted that the 2013 regulation provides that the authory of proof rests with the data user. The 2013 Regulation also specifies that, where consent is required, the requirement to obtain consent in its appearance is presented as distinsible to other situations. Where personal data relates to a person under the age of 18, the consent of the parent, legal guardian or person responsible for the person responsible for the person concerned must be obtained. Section 2, paragraph 2 of the PDPA states that the PDPA applies to a person « established in Malaysia » or who is not established in Malaysia when using « equipment in Malaysia » to process personal data for purposes other than transit through Malaysia. Companies involved in the PDPA and companies that frequently transmit personal data from Malaysia should take seriously the corresponding provisions and sanctions related to the transfer of personal data from Malaysia.