Malaysia's Personal Data Protection Act 2010 (amended 2024) governs how organisations collect, use, store, and disclose personal data. As an employee handling customer names, ICs, contacts, or financial information, you are a data processor under PDPA. Fines reach up to RM 1.5 million.