Last review date: 31 December 2024
Generally, no.
There are no data localization or data residency requirements that are of general application under the PDPA. Note, however, that the PDPA generally prohibits the transfer of personal data outside Malaysia unless the exceptions stated in the PDPA apply. Please see our response to the question on international data transfer.
For completeness, note that there are also regulatory requirements that may have the effect of data localization or data residency for certain types of data in certain key sectors/industries (e.g., the public sector or financial institutions).
Last review date: 31 December 2024
No.
Note, however, that the Data Sharing Bill 2024 has been passed by the Malaysian Parliament in December 2024 and is expected to become law in the future. It requires, among others, a public sector agency to evaluate and respond to a data-sharing request by another public sector agency (which may only be refused based on prescribed reasons). It defines "data" widely as any facts, statistics, instructions, concepts, or other information in a form that is capable of being communicated, analyzed or processed, whether by an individual, a computer or other means.