The Personal Data Protection (Amendment) Act 2024 introduced a new obligation for organisations (both data controllers and data processors alike) to appoint and register a Data Protection Officer (“DPO“) where they meet the relevant criteria or thresholds set out in the Appointment of Data Protection Officer Guideline (“DPO Appointment Guideline“). This new requirement officially came into effect on 1 June 2025.
For further details on the key requirements under the DPO Appointment Guideline, you may refer to our February 2025 Legal Update titled “Launch of Personal Data Protection Guidelines for Data Protection Officer Appointment and Mandatory Data Breach Notification“.
On 1 August 2025, the Personal Data Protection Commissioner issued three additional guidelines aimed at clarifying the expected competencies, training standards, and professional development pathways for appointed DPOs. These are:
- the Data Protection Officer Competency Guideline (DPO Competency Guideline);
- the Management of Data Protection Officer Training Service Providers Guideline (DPO Training Providers Guideline); and
- the Data Protection Officer Professional Development Pathway & Training Roadmap (DPO Development Roadmap)
(collectively, “New Guidelines“).
This Legal Update seeks to provide a brief overview of the key provisions set out under these New Guidelines.
For more information, click here to read the full Legal Update.
Contribution Note
This Legal Update is contributed by the listed Contact Partners, with the assistance of Yeap Yee Lin (Associate, Christopher & Lee Ong) and Jerrine Gan (Associate, Christopher & Lee Ong).
Disclaimer
Rajah & Tann Asia is a network of member firms with local legal practices in Cambodia, Indonesia, Lao PDR, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam. Our Asian network also includes our regional office in China as well as regional desks focused on Brunei, Japan and South Asia. Member firms are independently constituted and regulated in accordance with relevant local requirements.
The contents of this publication are owned by Rajah & Tann Asia together with each of its member firms and are subject to all relevant protection (including but not limited to copyright protection) under the laws of each of the countries where the member firm operates and, through international treaties, other countries. No part of this publication may be reproduced, licensed, sold, published, transmitted, modified, adapted, publicly displayed, broadcast (including storage in any medium by electronic means whether or not transiently for any purpose save as permitted herein) without the prior written permission of Rajah & Tann Asia or its respective member firms.
Please note also that whilst the information in this publication is correct to the best of our knowledge and belief at the time of writing, it is only intended to provide a general guide to the subject matter and should not be treated as legal advice or a substitute for specific professional advice for any particular course of action as such information may not suit your specific business and operational requirements. You should seek legal advice for your specific situation. In addition, the information in this publication does not create any relationship, whether legally binding or otherwise. Rajah & Tann Asia and its member firms do not accept, and fully disclaim, responsibility for any loss or damage which may result from accessing or relying on the information in this publication.
