– the types of personal data you collect and process
– the purposes for which you collect and use personal data
– how you collect personal data
– with whom you share personal data
– how long you retain personal data
– what rights do individuals have in relation to their personal data
– how individuals can contact you about your handling of their personal data.
You may also want to consider including other clauses such as:
– the legal basis on which you process personal data (e.g. consent or performance of a contract)
– whether you transfer personal data outside of Malaysia and, if so, where it is transferred to
– what security measures you have in place to protect personal data
– which third-party service providers you use, and how they are permitted to use personal data.
Including these clauses is not compulsory but may be advisable depending on your business and the type of personal data you process. You should speak to a lawyer about which clauses are appropriate for your business.
The General Data Protection Regulation (GDPR) is an EU regulation that applies directly in every member state and governs the protection of personal data. The GDPR applies to businesses that process the personal data of individuals in the EU, regardless of whether the business is based inside or outside the EU.
If you have EU customers, you will generally need to comply with the GDPR. A business with no establishment in the EU is not automatically in scope: it is subject to the GDPR only where its processing relates to offering goods or services to individuals in the EU (for example, marketing aimed at them) or to monitoring their behaviour, insofar as that behaviour takes place within the EU.
If you are not sure whether the GDPR applies to your business, you should seek legal advice. Even if the GDPR does not apply to your business, you may still need to comply with other data protection laws, such as the Personal Data Protection Act 2010 in Malaysia.