Articles

The Malaysian Personal Data Protection Act (PDPA), effective since November 15, 2013, governs the processing of personal data within Malaysia. It applies to all businesses involved in commercial transactions. However, as Malaysian enterprises increasingly expand their operation across international horizons, a pressing question arises: does compliance with the PDPA seamlessly align with the stringent requirements of GDPR (General Data Protection Regulation)? Indeed, the GDPR is relevant to Malaysian companies if they either provide goods or services to, or monitor the activities of, individuals within the European Union – Article 3 of GDPR[1]. Failure by Malaysian companies to adhere to GDPR standards when collecting or processing personal data of EU citizens may result in the imposition of hefty fines of up to 4% of global annual turnover or €20 million, whichever is greater, for non-compliance[2]. To introduce GDPR briefly, it is a regulation in EU law, since May 25, 2018, on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) which aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business through harmonised regulation within the EU. Complying with PDPA the same with GDPR? While both the PDPA and GDPR share the common goal of safeguarding an individual’s right to their personal data, however, GDPR provides individuals within the European Union with more extensive rights in relation to their personal data. GDPR stands as a more comprehensive and rigorous data protection law compared to the PDPA. It grants individuals greater control over their personal data and places stricter obligations on organisations engaged in personal data processing. Nevertheless, the detailed comparison between PDPA and GDPR merits a separate discussion. Should a Malaysian companies adopt GDPR standards? The Golden Standard. GDPR’s inception was driven by the aim of advancing the Digital Single Market[3] strategy, seeking to establish a unified set of regulations in the digital realm while encouraging innovative thinking in areas pivotal to competitiveness and future technological growth. GDPR’s comprehensiveness is geared towards establishing leadership in the global digital economy. By offering enhanced protection, it bolsters fundamental societal rights. GDPR, notably, mandates that individuals must provide explicit consent – Recital 32 of GDPR[4][LPP1]  before data processing is permitted and enables individuals to request for deletion of their data (the right to be forgotten – Article 17 of GDPR[5]), these are provisions which are absent in PDPA [LPP2] and grant individuals greater control over their own data. One Set of Regulations for Eeveryone. The GDPR is the unified legislation on personal data protection throughout the European countries. It provides similar benefits and rights for all individuals regardless of the company size. This means that Malaysian companies that adopt GDPR standards will only have to comply with one set of regulations, rather than multiple sets of regulations in different countries. Modern Personal Data Protection Framework. GDPR introduces innovative concepts that are absent in the PDPA, like data portability and streamlined data transfer mechanisms, which are vital components of its modernity, aligning with the borderless nature of the digital age. Data portability – Article 20 of GDPR[6], a hallmark of GDPR, empowers individuals by allowing them to request their personal data in a machine-readable format. This facilitates easy transfer of their data to another service provider (data controller), ensuring modern data practices align with user-centric principles. Additionally, GDPR’s approach to international data transfers – Article 44 of GDPR[7] is noteworthy. It offers a range of mechanisms, such as mandates data protection impact assessments[8][LPP3]  ,Standard Contractual Clauses[9] (SCCs) and Binding Corporate Rules[10] (BCRs), to facilitate secure and compliant cross-border data flows (contrast with the default position on transfer under PDPA[11]). [LPP4] The GDPR reflects the modern reality of global data transfer requirements and ensures that individuals’ personal data remains protected regardless of geographical boundaries. By adopting GDPR standards, Malaysian companies can embed data protection principles into the earliest stages of product development emphasis on “privacy by design and default”. Stricter Personal Data Legislation. GDPR stands out as notably stricter than PDPA in safeguarding personal data. It enforces significantly higher fines for non-compliance, imposes rapid data breach notification requirements, and sets a higher standard for obtaining and recording consent. As consumers are increasingly aware of their data privacy rights and are more likely to do business with companies that they trust to protect their data. Adopting GDPR standards not only shows that a company is committed to protecting its customers’ data privacy but a strategic move that positions companies favourably in the global marketplace. Conclusion In conclusion, while Malaysian companies are inherently bound by the PDPA, the adoption of GDPR standards, which represent a more comprehensive and rigorous data protection regime, presents an array of advantages, particularly for companies venturing into the European market. However, it is crucial to acknowledge that embracing GDPR standards necessitates meticulous deliberation by companies, as it entails significant shifts in data collection practices and often requires substantial technological investments. [1] https://gdpr-info.eu/art-3-gdpr/ [2] https://gdpr-info.eu/art-83-gdpr/ [3] https://edps.europa.eu/data-protection/our-work/subjects/digital-single-market_en [4] https://gdpr-info.eu/recitals/no-32/ [5] https://gdpr-info.eu/art-17-gdpr/ [6] https://gdpr-info.eu/art-20-gdpr/ [7] https://gdpr-info.eu/art-44-gdpr/ [8] https://gdpr-info.eu/art-35-gdpr/ [9] https://gdpr-info.eu/recitals/no-168/ [10] https://gdpr-info.eu/art-47-gdpr/ [11] https://www.azmilaw.com/insights/data-protection-limits-to-the-lawfulness-of-transborder-flow-of-personal-data-outside-malaysia/

In general, the directors of a company have the power and authority to make decisions pertaining to the business of the company. However, it is essential to note that certain transactions require approval from the company’s shareholders, as stipulated by the Companies Act 2016 (“Act”). An instance of this is when the company engages in substantial property transactions with its directors, substantial shareholders, or persons connected with them. This requirement is defined in Section 228 of the Act. Rationale for Section 228 Section 228 is designed to prevent potential abuses, such as self-dealing and asset-stripping, by directors and controlling shareholders. This often occurs through transactions involving acquisition of assets for the company or sale of the company’s assets at non-market rates or on less favourable terms than the company would have received from a bona fide third party. Such actions can be detrimental to the interests of shareholders, given that they are unfairly structured to shift wealth from the company to the interested individuals involved. To address these risks, Section 228 introduces specific procedures that must be observed and complied with by a company when a transaction falls within its scope. Essentially, this section requires shareholders’ approval to be obtained for transactions involving related parties as defined by its provisions. Transactions entered into by a company in contravention of Section 228 shall be void. Identifying Transactions Falling under Section 228 To fall under the umbrella of Section 228, there are 3 elements that must be present: Element 1: Type of arrangements or transactions The type of arrangements or transactions falling under Section 228 contains in two limbs – Section 228(1)(a) and (b). Such arrangements or transactions can take any of the following forms between the company and a related party: “Non-cash asset” means any property or interest in property other than cash. Furthermore, it is clear from Section 228(1)(a) and (b) that the acquisition or disposal of shares or non-cash assets shall be made with the company (Kam Thai Eng Linda & Anor v Tan Sri Dato’ Kam Woon Wah & Ors [2020] 1 LNS 2124). Element 2: Categories of Related Parties                                  Section 228 applies where transactions made by the company are with any of the following related parties: (a) a director (as defined in Section 210 of the Act) of the company or its holding company; or (b) a substantial shareholder (as defined in Section 136 of the Act); or (c) a person connected with the director or substantial shareholder. A “person connected with a director” is defined in Section 197 and includes: This same definition also applies to persons connected with a substantial shareholder. Element 3: Requisite Value Section 228 only applies where the transactions meet the requisite value threshold stated under this section. For public listed companies and their subsidiaries, requisite value shall mean the value as defined in the listing requirements of the stock exchange where shareholders’ approval at a general meeting is required. On the other hand, for private or unlisted public companies, it depends on the value of non-cash assets involved in the transaction. The table below summarises when the prior approval of shareholders is required to be obtained to comply with Section 228: Threshold Value Shareholders’ Prior Approval  Less than RM50,000   No More than RM50,000 and less than 10% of the company’s net assets No More than RM50,000 and more than 10% of the company’s net assets Yes More than RM250,000   Yes The value of the company’s net assets is determined based on the accounts prepared in accordance with Section 245 of the Act for the last financial year preceding the transaction. In cases where no accounts have been prepared prior to the transaction, the value is determined based on the company’s called-up share capital. Exempted Transactions There are exceptions to Section 228. Section 229 identifies various transactions that do not qualify as related party transactions. These exceptions include: For transactions falling within these exceptions, the approval of shareholders is not a prerequisite. When all 3 elements mentioned above are satisfied, the approval of the company’s shareholders in a general meeting must be obtained before the said arrangement or transaction can be carried into effect and valid in law, unless the transaction comes under one of the exceptions provided under Section 229 (Omega Securities Sdn Bhd v. Yeo Lee Hoe [2003] 1 CLJ 276). How is prior approval obtained? If a transaction or arrangement falls within the ambit of Section 228, it must be approved through a resolution passed by the shareholders at a general meeting. The resolution required is an ordinary resolution, and Section 228(1)(A) or (B) specifies that the approval must occur at a general meeting. This means that a member’s resolution in writing is not an option for the purpose of compliance with Section 228. As for the reading of Section 228(1)(A) and (B), the High Court in Kam Thai Eng Linda held that Section 228 only requires shareholders’ prior approval before an arrangement or transaction is ‘carried into effect’, rather than before the transaction is “entered into,” which can be made subject to the shareholders’ approval. The implication is that shareholders are required to provide their approval before the transaction is executed or implemented. However, it is possible for initial negotiations or discussions about the transaction to occur or for the parties to enter into the arrangement before seeking shareholders’ approval, as long as approval is obtained for the company to formally proceed with the transaction and become legally bound by the terms of the arrangement. If the transaction or arrangement benefits a director or substantial shareholder of the company’s holding company, or a person connected with such a director or substantial shareholder, it also necessitates prior approval through a resolution of the holding company (Section 228(2)(b)). In cases where the company involved in the acquisition or disposal is an unlisted subsidiary of a publicly listed company, approval for the same transaction or arrangement is required from the shareholders of the unlisted subsidiary at a

Introduction In the dynamic world of business, the Letter of Intent (“LOI”) often plays a critical role in shaping major deals. Serving as a foundational tool in business negotiations, it bridges the gap between informal discussions and formal contracts. This article explores the significances of the LOI, its legal standing and its application across various business contexts. What is an LOI? An LOI is a preliminary document outlining proposed key terms and intentions for a business deal. For instance, an LOI might outline the basic terms of a merger before the parties negotiate the details. Generally, it is non-binding, but specific clauses such as confidentiality can be made binding to safeguard sensitive information exchanged during business negotiations. Key Elements of an LOI: An effective LOI encompasses key elements that lay the groundwork for successful negotiations. These include: Benefits of Using an LOI: Using an LOI in business negotiations offers several benefits: Legal Interpretation of an LOI – Insights from a Landmark Malaysian Case The 1994 Malaysian Supreme Court case, Ayer Hitam Tin Dredging Malaysia Bhd v. Y C Chin Enterprises Sdn Bhd [1994] 3 CLJ 133 provides crucial insights into the legal interpretation of LOI in Malaysia. In essence, this landmark case illustrates that the binding nature of an LOI hinges on the specific terms used and the intentions behind the LOI. Nature of an LOI Parties’ Intentions Details of LOI and Financial Commitments Potential for Compensation Practical Application of the LOI: The LOI plays a crucial role in commercial transactions and business negotiations, as seen in various business scenarios. The examples as provided below underscore the importance of an LOI as a preliminary but pivotal step in formalising intentions and terms in various high-stake business dealings: Conclusion In business negotiations, an LOI is more than just a preliminary step; it is a strategic tool. By clearly outlining the terms of a proposed deal, it leads to smoother negotiations and stronger partnerships. Its effective use can significantly enhance the success and efficiency of business transactions.

Efficiently managing your workforce involves not only the hiring process but also the art of gracefully concluding employment contracts. To handle this process with care, it is important for employers to understand a vital element – the “notice period.” This article will guide you through the notice requirements outlined in the Employment Act 1955 (the “Act”). Why is notice necessary? It is a legal requirement for employers and employees to provide written notice when terminating an employment relationship (Section 12(1) and Section 12(4) of the Act). Apart from the legal requirement, giving proper notice also grants both the employers and employees the necessary time to plan for their next steps. How long is the notice period? According to Section 12(2) of the Act, the notice period must be the same for both employers and employees for employment termination. The duration of the notice period is specified in the employment contract or letter of offer. However, if the employment contract or letter of offer is silent on the notice period requirements, the Act provides a default notice period for employment termination, as outlined below: Length of Employment Notice Period Less than 2 years 4 weeks’ notice 2 years or more but less than 5 years 6 weeks’ notice 5 years or more 8 weeks’ notice What happens if you fail to give notice or give insufficient notice? While notice period is a legal requirement, Section 13(1) of the Act allows for payment of salary as a substitute for the required notice period. To better understand this concept, let’s illustrate the options available to the employers with an example. Imagine employer A intends to terminate employee B’s employment, the employment contract provides that 2 months’ notice or payment in lieu of notice is required. To comply with this requirement, employer A can choose any of the following options: If employer A fails to adhere to any of these options, employee B has the right to: against the employer through the Labour office. Can the Notice Period be waived? Yes, section 12(2) of the Act provides that the party receiving the termination notice has the right to waive the notice period. For example, employee B tenders his resignation notice to employer A and wishes to leave his current job immediately, employer A (the party receiving the notice) will have discretion to decide whether to waive the notice period. Can the employment relationship be terminated without notice? Yes, there are limited circumstances prescribed under the Act that allow for termination without notice, including: It is important to note that the Act does not define “wilful breach”. However, section 15 of the Act does outline instances when an employment contract is deemed to be broken. These instances include: The Act also does not define “misconduct” or specify what behaviours constitute misconduct. Usually, a list of minor and major misconducts will be provided in the employee handbook. This list may vary depending on the company and include offenses like theft, assault on a colleague, or insubordination. It is important to note that dismissal due to misconduct should only occur following a proper inquiry to avoid wrongful termination. Considering the above, terminating an employment contract without notice carries some risk to the employers if not done with great care. If employers intend to summarily dismiss employees, they must carefully assess the situation and have valid grounds for summary dismissal. In a summary dismissal case, it is crucial for employers to present compelling evidence demonstrating that the employees indeed committed the alleged offence or offences that led to their termination. This legal principle was affirmed in the case of Ireka Construction Berhad v. Chantiravathan Subramaniam James [1995] 1 MELR 373. Understanding the concept of notice period is essential for employers. The notice period requirement ensures a fair and smooth transition when ending an employment contract. Failing to provide adequate notice can potentially lead to legal troubles and financial consequences!

As a supplier, expanding your business through offline distribution channels can present both opportunities and challenges. Engaging a distributor can open up new markets and increase your reach, but it also comes with potential pitfalls. To navigate this journey successfully and safeguard your interests, a well-structured distributorship agreement becomes paramount. In this article, we will explore common problems that SME suppliers might face in such arrangements and explain how a distributorship agreement can address these concerns. Common Problems in Supplier-Distributor Relationships: Suppliers often encounter payment delays, discrepancies in payment, or in some cases, non-payment, affecting suppliers’ cash flow and profitability. Suppliers brand’s reputation is at stake if distributors mishandle, store, or transport their products improperly. Distributors might cross territorial boundaries, undercutting suppliers’ pricing strategy and causing conflicts between distributors, suppliers, and even end customers. Misaligned expectations concerning sales targets, marketing efforts, and product promotions can lead to dissatisfaction and disputes between suppliers and distributors. Suppliers face challenge in concluding business relationship amicably. These are the core issues that suppliers may encounter in their relationships with distributors. A well-crafted distributorship agreement offers an effective way to mitigate these challenges and establish a mutually beneficial partnership. How a Distributorship Agreement Helps? The distributorship agreement outlines the pricing structure, payment schedule, and consequences for non-payment, which may include financial penalties. The presence of clear payment terms in the distributorship agreement ensures that both the suppliers and the distributors have a mutual understanding of how payments will be managed throughout the business relationship. This shared understanding reduces the likelihood of misunderstandings or disputes related to payment matters. The distributorship agreement can include specific product standards and specifications that the distributors must adhere to. For example, provisions such as product handling, storage, and quality control. For high-value or perishable products, the suppliers can consider imposing an obligation on the distributors to secure insurance coverage to mitigate the risk of financial loss due to damage or loss of products. If suppliers have entrusted certain distributors with the rights to promote and market their products in the designated regions, it is important that all promotional and marketing efforts align with the suppliers’ marketing plan. To maintain this alignment, the distributorship agreement can make it a requirement that any promotional and marketing plan must receive the suppliers’ prior approval. This proactive step ensures a harmonious and consistent brand image across all regions. In addition to the critical aspects of product quality and brand image, it is equally vital to protect all suppliers’ intellectual property rights such as patents, copyrights, and proprietary business and product information. Unauthorised use or alteration of these intellectual properties can cause far-reaching and detrimental consequences to the suppliers’ business. The distributorship agreement should contain provisions specifically designed to safeguard the suppliers’ intellectual property to prevent any misuse or infringements. A precise definition of the distribution territory is an essential component of a distributorship agreement. This critical step serves to avoid conflicts, market overlap, and misunderstandings between the suppliers and the distributors. It is also important to outline both online and offline territories. For instance, if the strategy involves e-commerce for specific areas and distributors managing offline sales, this should be explicitly stated in the agreement. If suppliers plan to reserve specific territories or customer bases for themselves or other designated distributors, it is paramount to incorporate explicit provisions within the agreement. These provisions reinforce the territorial structure and ensures that each party’s responsibilities and limitations are outlined in the agreement to eliminate potential miscommunication. In many distributorship arrangements, minimum order quantities (“MOQ”) are imposed on distributors. MOQ serves to align both suppliers and distributors with specific sales targets and business objectives. To ensure compliance with MOQ, the distributorship agreement can incorporate these requirements. Failure to achieve these requirements may result in penalties and termination of the distributorship arrangement. The effectiveness of the distributor in distributing the products has a direct and substantial impact on the suppliers’ overall business performance. As such, the distributorship agreement can incorporate key performance indicators, yearly sales targets, and sales forecasts. These metrics offer an objective framework for assessing the distributors’ performance. The distributorship agreement plays a pivotal role in providing a structured framework for termination and exit procedures. Termination clauses including the required notice periods and any associated exit terms or penalties will be specified within the agreement, Moreover, the distributorship agreement can address post-termination matters such as whether the suppliers can retain the right to purchase existing stock from the distributors or whether the distributors are granted the ability to sell off the remaining stock. By meticulously defining distribution territories, setting performance metrics, ensuring product quality, structuring payment terms, protecting intellectual property and retaining control over marketing, it lays the groundwork for a thriving distributor-supplier relationship. When these elements are thoughtfully crafted and adhered to, they pave the way for long-term success in a competitive market.

Electronic signatures and digital signatures are often used interchangeably to refer to tools for signing digital documents. Traditionally, signing involved physical documents or objects, such as paper signatures or fingerprints, to indicate that the signer had read, understood, and agreed to the document’s content. Today, technology allows for digital signing by affixing a name, mark, or drawing to a softcopy document, known as an electronic signature or digital signature. Although both terms serve similar purposes, they differ significantly in terms of framework, security, and admissibility. Electronic Signature In Malaysia, electronic signatures are governed by the Electronic Commerce Act (ECA). The ECA defines an electronic signature as any letter, character, number, sound, or any other symbol, or any combination thereof, created in an electronic form and adopted by a person as a signature. Essentially, any individual affixing their “name” to a PDF would be considered an electronic signature. The main purpose of the ECA is to recognize electronic messages in commercial transactions. For an electronic signature to be admissible, it must fulfill the following requirements under the ECA: An electronic signature is considered reliable if: If these requirements in Section 9 of the ECA are satisfied, the electronic signature meets legal standards. However, Section 10 of the ECA specifies that certain documents requiring a seal, such as Powers of Attorney, Wills, Trust documents, and Negotiable instruments (like Bank Cheques), are not admissible with an electronic signature unless affixed by a digital signature under the Digital Signature Act 1997. Digital Signature A digital signature provides a higher level of security compared to an electronic signature. While electronic signatures can be easily faked (e.g., person A signing as person B through impersonation), digital signatures offer enhanced profiling of the signer’s identity. The Digital Signature Act (DSA) 1997 defines a digital signature as the transformation (created using the private key corresponding to the signer’s public key) of a message using an asymmetric cryptosystem. This allows a person with the initial message and the signer’s public key to determine if the message has been altered since the transformation. For a digital signature to be legally binding under Section 62 of the DSA, it must meet the following criteria: In Malaysia, recognized digital signature options certified by licensed certification authorities include: Documents signed with digital signatures from these certified authorities have legal binding effects. However, digital signatures from foreign platforms do not hold the same legal validity due to the lack of appropriate certification by Malaysian authorities. Summary In summary, Malaysian law differentiates between electronic signatures and digital signatures. When a seal is required on a document, Section 10 of the ECA mandates that a digital signature is the minimum requirement. Parties should carefully consider the balance between the convenience of electronic signatures and the legal risks associated with potential challenges to their validity. For documents traditionally requiring a seal, using digital signatures or physical signatures might be more prudent to ensure compliance with statutory requirements and legal security.

In the realm of business, intermediaries and brokers play a critical role in connecting buyers and sellers, facilitating transactions, and ensuring smooth negotiations. However, operating as a broker without a formal agreement can lead to misunderstandings, disputes, and potential legal complications. Therefore, it is essential for intermediaries to sign a brokerage agreement to clearly define the terms and conditions of their engagement. This article explores the importance of brokerage agreements, key components to include, and best practices for drafting and executing these agreements. Importance of Brokerage Agreements A brokerage agreement is a legally binding contract between a broker and their client, outlining the scope of services, payment terms, duties, and responsibilities. This agreement is vital for several reasons: Key Components of a Brokerage Agreement When drafting a brokerage agreement, several critical components should be included to ensure it is comprehensive and effective: Best Practices for Drafting and Executing Brokerage Agreements To create an effective brokerage agreement, consider the following best practices: Conclusion For intermediaries and brokers, signing a brokerage agreement is not just a formality but a crucial step in establishing a clear, professional, and legally binding relationship with clients. By defining the terms of engagement, compensation, and responsibilities, a well-crafted brokerage agreement minimizes the risk of disputes and ensures that both parties’ interests are protected. Brokers should invest time and resources into drafting thorough and precise agreements, leveraging legal expertise, and maintaining transparent communication to foster successful and trustworthy business relationships.

Introduction: In the world of commerce, understanding the transfer of property and risk is crucial for any business involved in the sale of goods. Whether you are a seasoned trader or new to the field, mastering these legal frameworks will equip you with the tools to navigate the complexities of sales transactions. This article delves into the legal frameworks established by the Sale of Goods Act 1957 (“SOGA”), providing a clear roadmap for seller to ensure that the transfer of title and risk aligns with its strategic goals. When Do Title in Goods Transfer from Seller to Buyer? The transfer of property, or title, in goods is heavily reliant on the intentions of the parties involved. Section 19 of the SOGA provides that the property in the goods is to pass as intended by the parties. The determining factor is the intention of the parties, which must be gleaned from: Sections 20 to 24 of the SOGA provide default guidelines to ascertain the intentions of the parties, but they can be overridden by specific terms in the contract. A brief explanation of each section, along with sample examples, is as follows: Section Explanation   Example Section 20 Specific Goods in a Deliverable State When an unconditional contract is made for specific goods in a deliverable state, property in the goods passes to the buyer at the time of the contract. A furniture store sells a specific dining table displayed in its showroom. The contract does not specify any future actions to be taken by the seller. The title to the dining table passes to the buyer when the contract is made because the table is specific and in a deliverable state.   Section 21   Specific Goods to be Put into a Deliverable State   If the goods require something to be done to make them deliverable by the seller, property in the goods passes when these actions are completed, and the buyer is notified.   A buyer purchases a custom-built computer, which needs to be assembled from parts in stock at the seller’s shop. The title passes only after the computer is fully assembled and the seller notifies the buyer.   Section 22 Specific Goods in a Deliverable State When the Seller has to do Anything Thereto in Order to Ascertain Price   The property in goods only pass when the seller completes any necessary actions to ascertain the price, and the buyer is notified. A seller agrees to sell a bulk quantity of oil that needs to be measured to determine the final price. The title does not pass until the oil is measured and the buyer is informed of the quantity and total price.   Section 23   Sale of Unascertained Goods and Appropriation Unascertained or future goods can be transferred through appropriation, where either the seller with the buyer’s consent or the buyer with the seller’s consent sets aside goods that match the contract description. A retailer orders 100 units of a new smartphone model from a distributor, but the phones are not yet designated. Title passes when the distributor designates 100 specific units from their stock and both parties agree that these units have been set aside for their order.   Section 24  Goods Sent on Approval or “on Sale or Return”   The property in goods passes to the buyers when they signify their approval or acceptance, retain the goods beyond a fixed or reasonable time without rejecting them, or do any act adopting the transaction.   A jewellery store sends several pieces to a customer on approval for one week. Title passes when the customer either explicitly accepts the pieces (e.g., by a phone call or email stating the acceptance) or retains the pieces without rejection past the one-week period.   When Do Risk in Goods Transfer from Seller to Buyer? Under Section 26 of the SOGA, risk typically passes with the goods. This legal principle establishes that unless otherwise agreed by the parties involved, the goods remain at the seller’s risk until the property is transferred to the buyer. Once the property is transferred, the risk immediately shifts to the buyer, irrespective of whether delivery has been made. Knowing exactly when the property is transferred is crucial for the seller, as it clarifies the point at which the seller is no longer liable for the goods. For instance, if property passes to the buyer at the time of shipment, any damage or loss that occurs during transit thereafter becomes the buyer’s responsibility. Retaining Seller’s Rights in Goods? Once the property in the goods has passed to the buyer, the buyer becomes the owner and is generally free to deal with the goods. However, in many business transactions, especially when goods are delivered on credit, the seller may face increased financial risk. This risk arises because the buyer is allowed to pay for the goods during an agreed-upon credit term, which can sometimes lead to non-payment or delayed payment. In such scenarios, retaining the right to dispose of the goods becomes critical to safeguard the seller’s interests. Section 25 of the SOGA recognising the seller’s reservation of the right of disposal. This right ensures the seller can recover possession or potentially resell the goods to another buyer if the original transaction fails. An example of such a clause (sometimes called the Romalpa Clause or retention of title clause) is: “Notwithstanding shipment and the passing of risk in the Goods, the property in the Goods shall not pass to the Buyer until the Seller has received in cash or cleared funds payment in full of the price of the Goods.” This clause stipulates that transfer of title is contingent upon the full payment of the goods, clearly marking the receipt of funds as the point at which this condition is fulfilled. Thus, it safeguards the seller’s rights and financial interests even after the goods have been physically transferred to the buyer. The legality of the Romalpa Clause have been upheld in Malaysian courts.

We learned that GDPR applies to Malaysian entities if they are either offering goods or services or monitoring the behavior of individuals in the European Union – Article 3 of the GDPR. Although both the PDPA and GDPR aim to protect an individual’s rights over their personal data and focus on a data subject’s “identifiability” or “identification potential” to decide if the data provided constitutes “personal data,” data subjects within the European Union are afforded greater rights. The GDPR is a more comprehensive and stringent data protection law than the PDPA. It gives individuals more control over their personal data and imposes stricter obligations on organizations that process personal data. To keep pace with technological advancements, the Malaysian Personal Data Protection Department (JPDP) is actively considering significant updates to the current PDPA 2010, which is viewed as outdated. Proposed amendments, outlined in the Public Consultation Paper No. 1/2020, represent a transformative shift towards aligning with the European General Data Protection Regulation (GDPR). Notably, one such amendment aims to extend the PDPA’s jurisdiction to cover data users outside Malaysia monitoring Malaysian data, indicating a move towards GDPR-level data protection standards. In this article, we will delve into the distinctions between the PDPA and GDPR. Territorial Scope and Application The GDPR’s application extends beyond commercial interests to encompass various personal data processing activities, including social, educational, and employment contexts. This comprehensive approach contrasts with the PDPA’s focus primarily on commercial transactions, which could leave non-commercial data processing scenarios under-protected. PDPA Aspect GDPR Applicable only in Malaysia.   Focus on personal data in commercial transactions.   Excludes the Federal Government, State Government, and credit reporting businesses. Applications and Territorial Scope Extra-territorial applicability.   Applies to EU member states, with extra-territorial effect, covering data subjects in the EU. Standard of Consent Required The PDPA intertwines consent with data collection purposes but lacks a clear definition of “valid consent,” allowing for “implied consent.” In contrast, the GDPR mandates that consent be “freely given, specific, informed, and unambiguous,” thus providing clearer guidelines for data controllers. PDPA Aspect GDPR Required consent for data processing but not specified in detail.   Must be recorded and maintained. Standard of Consent Required Consent must be actively given.   Consent must be freely given, specific, informed, and unambiguous. Retention of Data Under the PDPA, data users have flexibility in retaining personal data as long as it remains justifiable. However, the lack of a specific timeframe leaves room for interpretation. Conversely, the GDPR empowers data subjects with the right to request data erasure when data is no longer necessary or consent is withdrawn, imposing stricter obligations on data controllers. Authority Over Personal Data The PDPA grants limited rights to data subjects primarily in restricting processing likely to cause damage or distress and for direct marketing purposes. The GDPR, however, confers broader rights, including data portability, erasure, and the ability to object to data processing. PDPA Aspect GDPR Limited rights.   Right to restrict processing when the processing is likely to cause damage or distress.   Right to prevent processing for the purposes of direct marketing. Authority Over Personal Data Confers data subject greater controls over their personal data.   Right to restrict processing.    Right to object to data processing.   Right to data portability.   Right to erasure. Transborder Transfer of Data The PDPA’s cautious approach to cross-border data transfers, requiring ministerial authorization, aims to enhance data security but creates practical challenges. The GDPR facilitates smoother data flows within the EEA, subject to stringent data protection standards for transfers outside the EEA. PDPA Aspect GDPR Not allowed unless the transfer is authorized by the Minister. Transborder Transfer of Data Free flow of personal data within the EEA (European Economic Area).   Strict restrictions on transfers to third countries without an adequacy decision, safeguards, or exceptions. Accountability and Breach Notification While the PDPA allows for voluntary breach reporting, the lack of a mandatory requirement raises transparency concerns. The GDPR’s robust framework includes mandatory breach reporting within 72 hours, appointing Data Protection Officers, and conducting Data Protection Impact Assessments, ensuring higher transparency and accountability. PDPA Aspect GDPR No specific breach notification requirement. Accountability and Breach Mandatory to report breaches.   Appointment of Data Protection Officer.    Conduct Data Protection Impact Assessment.    Privacy by design.    Requires organizations to report data breaches within 72 hours to relevant authorities. Summary The Personal Data Protection Act (PDPA) in Malaysia and the General Data Protection Regulation (GDPR) in the EU have distinct approaches to data protection. While the PDPA primarily addresses commercial transactions, the GDPR offers a comprehensive framework covering various data processing aspects. These differences emphasize the importance of complying with the specific regulations relevant to your organization to ensure data security and compliance in a global context.