Safeguarding Trust: The Role of Personal Data Protection Act 2010 and Corporate Standard Operating Procedures in Preventing Consumer’s Data Misuse

Authors

  • Intan Marhaenis Sharul Azuan Department of Law, Fakulti Undang-undang dan Hubungan Antarabangsa, Universiti Sultan Zainal Abidin, 21300 Kuala Nerus, Terengganu, Malaysia
  • Ajmila Zarif Rusli Department of Law, Fakulti Undang-undang dan Hubungan Antarabangsa, Universiti Sultan Zainal Abidin, 21300 Kuala Nerus, Terengganu, Malaysia
  • Farini Aina Khairuddin Department of Law, Fakulti Undang-undang dan Hubungan Antarabangsa, Universiti Sultan Zainal Abidin, 21300 Kuala Nerus, Terengganu, Malaysia
  • Farhanin Abdullah Asuhaimi Department of Law, Fakulti Undang-undang dan Hubungan Antarabangsa, Universiti Sultan Zainal Abidin, 21300 Kuala Nerus, Terengganu, Malaysia
  • Moh. Lu’ay Khoironi Department of Law, Fakultas Hukum, Universitas Wisnuwardhana, Indonesia

Keywords:

Consumer privacy, Corporate governance, Data breaches, Personal data protection

Abstract

Rising cases of personal data misuse in Malaysia have intensified calls for more effective consumer data protection mechanisms. Although the Personal Data Protection Act 2010 (PDPA) establishes the main legal framework for safeguarding personal information, large-scale breaches such as the leakage of 67.5 million personal records between 2011 and 2021 reveal persistent gaps between legal provisions and real-world practices. These incidents not only undermine consumer trust but also expose systemic weaknesses in both regulatory oversight and corporate compliance cultures. This article examines the issue through a doctrinal legal analysis of the PDPA, supplemented by content analysis of selected corporate compliance measures, with comparative insights drawn from other jurisdictions such as the European Union's General Data Protection Regulation (GDPR) and Singapore's Personal Data Protection Act 2012. The findings reveal that many data breaches stem less from legislative inadequacies than from weak enforcement of internal standard operating procedures (SOPs) and insufficient training within organisations. The study concludes that effective consumer data protection in Malaysia necessitates a dual approach. On one hand, strict compliance with PDPA obligations must be ensured through active regulatory enforcement, including monitoring, inspections and sanctions. On the other hand, corporations must strengthen internal governance by institutionalising SOPs, investing in continuous staff training, and embedding accountability mechanisms across organisational structures. By fostering stronger synergy between statutory law and corporate self-regulation, companies can safeguard consumer trust, mitigate liability risks, and promote responsible business practices that support long-term sustainability in the digital economy.

Published

2025-10-13

Section

Articles