��������Ƶ

A Subject Access Request is your legal right to ask any organization to show you the personal data they hold about you. Under Malaysia's Personal Data Protection Act (PDPA), you can submit this request to companies, government agencies, or other organizations that process your information.

Once received, organizations must respond within 21 days and provide a copy of your data in a clear format. They can charge a reasonable fee for this service. You'll see what information they keep, how they use it, and who they share it with - helping you protect your privacy rights under Malaysian law.

Submit a Subject Access Request when you need to understand exactly what personal information Malaysian organizations have about you. This is especially useful if you're applying for jobs and want to know what previous employers have on record, or if you suspect a company has incorrect data that could affect your credit score or insurance rates.

The request helps when dealing with data breaches, investigating unauthorized information sharing, or preparing for legal action. It's also valuable when updating outdated records with banks, hospitals, or government agencies. Under the PDPA, organizations must respond within 21 days, making this an effective tool for protecting your privacy rights.

• Data Subject Request Form: The standard form for requesting access to your personal data held by Malaysian organizations, covering details like contact information, employment records, and financial data.
• CCTV Access Request Form: A specialized version specifically for requesting footage from security cameras, often used in workplace disputes, insurance claims, or security incidents. This form includes specific details about time periods and camera locations.

• Data Subjects: Malaysian citizens and residents who submit Subject Access Requests to find out what personal information organizations hold about them.
• Data Protection Officers: Professionals responsible for handling these requests and ensuring their organizations comply with PDPA requirements.
• Organizations: Companies, government agencies, and institutions that must respond to these requests within 21 days.
• Legal Advisors: Lawyers who help both individuals draft requests and organizations process them correctly under Malaysian law.
• Regulatory Bodies: The Personal Data Protection Commissioner who oversees compliance and handles complaints about request processing.

• Personal Details: Gather your full name, IC number, contact information, and any reference numbers related to your relationship with the organization.
• Organization Information: Identify the exact entity holding your data and their Data Protection Officer's contact details.
• Data Scope: List specific types of personal data you're requesting access to, including relevant dates and departments.
• Identity Proof: Prepare a copy of your IC or passport for verification purposes.
• Format Preference: Specify how you want to receive the information (electronic or hard copy).
• Timeline: Note that organizations must respond within 21 days under Malaysian PDPA requirements.

• Requestor Details: Your full name, IC number, and current contact information as required by PDPA Malaysia.
• Organization Details: Accurate name and address of the data controller you're requesting information from.
• Data Specification: Clear description of the personal data you're seeking access to.
• Time Period: Specific date range for the information requested.
• Identity Verification: Statement confirming your identity with reference to attached proof documents.
• Response Format: Preferred method of receiving the information.
• Legal Reference: Citation of your rights under the Personal Data Protection Act 2010.

A Subject Access Request differs significantly from an Access Agreement in both purpose and scope. While both deal with access rights, they serve very different functions under Malaysian law.

• Legal Purpose: Subject Access Requests are statutory rights under PDPA to view your personal data, while Access Agreements are contractual arrangements defining terms for physical or digital resource access.
• Time Frame: Subject Access Requests require response within 21 days by law, whereas Access Agreements typically establish ongoing access rights for a defined period.
• Enforcement: Subject Access Requests are enforced by the Personal Data Protection Commissioner, while Access Agreements are enforced through standard contract law.
• Scope: Subject Access Requests only cover personal data held by organizations, but Access Agreements can cover any type of access rights, from property to information systems.