Virtual Compliance for Businesses in Malaysia

Updated: Apr 20, 2021

Businesses in Malaysia continue to feel the heat from the COVID-19 pandemic and Movement Control Orders (MCOs). However, this situation has also created opportunities for businesses to thrive online.

In making the transition from offline to online, or in maintaining a presence in both the physical and virtual worlds, there are various laws that one should adhere to.

Here, we address what it means to be virtually compliant in Malaysia, focusing on aspects such as content and data.

What is Virtual Compliance?

Compliance in business means adhering to a rule, such as a policy, standard, specification, or laws governing the business's operations. Virtual compliance is adhering to the aforementioned in the virtual world. Various laws surround content and data in Malaysia.

Personal Data Protection Compliance

Naturally, you will collect your customers' and users' data as they use your tools and services. You will also collect data from employees at your place of business.

How you use and store the data is essential to ensure you are compliant with laws regulating personal data.

Firstly, what constitutes personal data? We break it down into two categories, namely employee information and customer information.

Employee Information

Personal Data:

  • Name

  • IC number/ passport number

  • Driver's license/ birth certificate

  • Bank account numbers

  • Home address/ personal phone numbers

Sensitive Personal Data:

  • Race

  • Religion

  • Health records

  • Offence records

Customer Information

Personal Data:

  • Name

  • IC number, passport number

  • Personal phone number

  • Home address/ email address

  • Bank account numbers

Sensitive Personal Data:

  • Race

  • Religion

  • Health records

  • Offence records

In Malaysia, we are regulated by the Personal Data Protection Act 2010 (PDPA). The Act controls the processing of personal data for commercial purposes.

It does this by spelling out the duties throughout the data lifecycle and setting up data management standards. The Act is also put in place to help identify data risks, improve security measures, and promote data integrity.

Which industries does PDPA apply to?

Essentially, PDPA applies to all industries. The only exceptions are for the following bodies, persons and usage:

  • Federal & States Government

  • Personal, Family, Household Affairs Data

  • Processed Outside of Malaysia

  • Non-Commercial Transactions (for example, data shared on social media sites)

  • Credit Reporting Agencies

To ensure you adhere to PDPA, you must keep your security standards in check: update your systems and anti-virus software to prevent data intrusion, control who has access to customers' and employees' personal data, and keep a record of personal data that is transferred offline, such as through mail, fax or hand-delivery.

Do also ensure that you only retain data for the period you are required to. For example, data needed for Income Tax only needs to be retained for seven years as per the Income Tax Act 1967.

Finally, keep your data integrity up to standards by ensuring that you notify customers and employees of any personal data updates immediately. Most importantly, get their consent before utilising the personal data.

Content Compliance

When you operate a website, you must be aware of the Communications and Multimedia Act 1998 (CMA) so that you can regulate the content you post.

The CMA governs content that is being posted on multimedia channels, including websites. CMA prohibits content that is, in essence, indecent, obscene, false, menacing or offensive in character with intent to annoy, abuse, threaten or harass any person. The following guidelines and procedures are set in order to assist compliance with the Act through self-regulation.

Indecent Content

Indecent content covers offensive content, morally inappropriate content, and content against current acceptable behaviour standards. Importantly, nudity and sex cannot be shown unless approved by the Film Censorship Board.

Obscene Content

Obscene content is content that is lewd and offensive to one's prevailing notion of decency and modesty. These types of content are prohibited for fear that showing them may negatively influence and corrupt the minds of those easily influenced. Specific regard is given to:

  • Explicit Sex Acts/Pornography

    • The portrayal of sexual activity, sex crimes or bestiality, including through animation and whether consensual or otherwise, is prohibited.

  • Child Pornography

    • Any depiction of child pornography, including part of a minor's body in what might be reasonably considered a sexual context, is prohibited. This includes written material, visual and/or audio representation that reflects sexual activity, whether explicit or not, with a minor.

  • Sexual Degradation

    • The portrayal of women, men or children as mere sexual objects, or in a manner that demeans them, is prohibited.


Psychological and physical violence or incitement to violence should be portrayed responsibly and not exploitatively. Presentation of violence must avoid the excessive, the gratuitous, the humiliating, and the instructional. Particular care should be exercised where children may see or be involved in depicting violent behaviour. Specific considerations are as follows:

  • Offensive violence

    • The portrayal of violence that can cause upset, alarm and offend viewers and cause undue fear among the audience.

  • Imitable violence

    • The portrayal of dangerous behaviours that may be imitated in real life.

  • Sexual violence

    • Graphic representations of sexual violence, including rape, attempted rape, non-consensual sex acts, and violent sexual behaviour, are not allowed.

  • Violence and young, vulnerable audiences

    • Special consideration must be given to the susceptibility of younger audiences, particularly those with impressionable minds.

Menacing Content

Menacing content is content that threatens harm or evil, encourages or incites crime, or leads to public disorder. Hate propaganda and information that may threaten national security or public health and safety are also not to be presented.

Bad Language

Bad language, including expletives and profanity, is prohibited due to its offensive nature. Bad language includes the following:

  • Offensive Language

  • Crude References

  • Hate Speech

  • Violence

False Content

False content, misleading content and incomplete information are prohibited, except for satire and parody content or where it is apparent to an ordinary user that the content is fiction.

Family Values

Women and men should be portrayed without discrimination, as equals in economic and emotional capacity, and in both public and private situations. Notwithstanding societal discrimination, content should reflect an awareness of the need to avoid and overcome biased portrayals based on gender.

Persons with Special Needs

Humour based on physical, mental or sensory disability is risky and should therefore be avoided. Reference to a disability should be portrayed in a neutral context, without prejudice.


The PDPA comes into play here again, and the privacy of individuals should be respected. No content should intrude on a person's privacy unless required by law and/or necessary in the interest of the public, including but not limited to Section 15 of the Child Act 2001 regarding a child's privacy.

Advertising and Promotions

Part and parcel of running a business is advertising and promotion. Section 3.1 of the Content Code addresses principles that one should follow when advertising:

  • All advertisements must conform with this part and to the general guidelines on content.

  • All advertisements should be legal, decent, honest and truthful.

  • All advertisements should be prepared with a sense of responsibility to consumers and society.

  • All advertisements should respect the principles of fair competition generally accepted in business.

It is now common for businesses to offer giveaways or free products as a means of encouraging more traffic to their social media and websites, as well as another form of advertising.

In making a free offer conditional on the purchase of other items, the material featuring the offer must clearly state consumers' liability for any costs.

An offer should be described as free only if consumers pay no more than the following:

  • Current public rates of postage.

  • Actual cost of freight or delivery.

  • Costs, including incidental expenses, of any travel involved if consumers collect the offer.

  • Advertisers should make no additional charges to consumers for packing and handling.

Final Words

Virtual compliance for your business is essential to ensure you are lawfully running your business. You can also protect yourself from accidental breaches or losing your business over non-compliance. While this article addresses some main parts, there is a broad spectrum in virtual compliance. It is best to seek a lawyer who will be able to advise you better concerning your particular industry and business itself.


Note: This article does not constitute legal advice for any specific case. The facts and circumstances of each case will differ and, therefore, will require specific legal advice. Feel free to contact us for a complimentary legal consultation.
