{"id":18264,"date":"2026-04-08T07:52:02","date_gmt":"2026-04-08T07:52:02","guid":{"rendered":"https:\/\/www.hashmicro.com\/my\/blog\/?p=18264"},"modified":"2026-04-08T07:55:52","modified_gmt":"2026-04-08T07:55:52","slug":"7-principles-of-pdpa","status":"publish","type":"post","link":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/","title":{"rendered":"7 PDPA Principles for Protecting Employee Data in HR"},"content":{"rendered":"<p>As HR processes become more digital, managing employee data is no longer just an administrative task. Payroll details, medical records, performance reviews, and other sensitive information now move faster across systems, which means the risk of misuse, unauthorized access, or poor handling can also increase if the right safeguards are not in place.<\/p>\n<p>For businesses, understanding the Personal Data Protection Act is not only about meeting legal requirements. It also plays an important role in <a href=\"https:\/\/www.pwc.com\/my\/en\/events\/2024\/data-governance-key-takeaways.html\">strengthening corporate governance<\/a>, protecting confidential employee information, and maintaining trust in how the company handles personal data at every stage of the employment cycle.<\/p>\n<p>By understanding and applying the core PDPA principles in <a href=\"https:\/\/www.hashmicro.com\/my\/human-resource-management\">human resource management<\/a>, companies can reduce the risk of data breaches, avoid unnecessary penalties, and build a safer and more reliable work environment. 
This article will walk through the key principles and show how they apply in day to day HR practices.<\/p>\n<table style=\"border-collapse: collapse; background-color: #fffacd; box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1); border-radius: 25px 25px 25px 25px;\" width=\"100%\">\n<tbody>\n<tr>\n<td style=\"padding: 15px; border: none;\">\n<h3 style=\"margin-bottom: 10px;\"><span style=\"background-color: #990000; color: #ffffff; padding: 5px;\"><b>Key Takeaways<\/b><\/span><\/h3>\n<ul>\n<li>PDPA in <a href=\"#the\">HR starts with knowing<\/a> what employee data is being handled and how far the company is responsible for protecting it.<\/li>\n<li><a href=\"#1\">The 7 principles of PDPA<\/a> help companies control how employee data is collected, shared, secured, retained, and accessed across HR operations.<\/li>\n<li>Failing to apply PDPA properly <a href=\"#of\">can expose the business to legal penalties<\/a>, leadership liability, and long term reputational damage.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Failing to apply proper HRM principles aligned with PDPA can expose your business to data breaches, employee mistrust, and potential legal penalties, all of which 
can disrupt operations and damage your company\u2019s reputation.<\/p>\n<p><span data-sheets-root=\"1\"><span id=\"the\"><\/span><\/span><\/p>\n<h2 id=\"understanding-the-pdpa-framework-in-the-context-of-human-resources\"><strong>Understanding the PDPA Framework in the Context of Human Resources<\/strong><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-18298\" src=\"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources.webp\" alt=\"Understanding the PDPA Framework in the Context of Human Resources\" width=\"800\" height=\"450\" srcset=\"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources.webp 800w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources-300x169.webp 300w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources-768x432.webp 768w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources-747x420.webp 747w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources-150x84.webp 150w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/Understanding-the-PDPA-Framework-in-the-Context-of-Human-Resources-696x392.webp 696w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>The Personal Data Protection Act (PDPA), including Malaysia\u2019s Act 709, sets the rules for how personal data should be collected, used, stored, and disclosed in commercial activities, including within the employer-employee relationship.
Because HR processes handle a wide range of employee information, businesses need to make sure these data practices stay aligned with PDPA requirements.<\/p>\n<p>In human resource management, this starts with understanding the difference between personal data and sensitive personal data. Personal data generally includes names, identification numbers, contact details, and banking information, while sensitive personal data covers records such as medical information, religious beliefs, and legal matters that require stricter protection and more careful handling.<\/p>\n<p><span id=\"1\">By understanding these distinctions, <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/hr-compliance\/\">HR compliance teams<\/a> can handle employee data more responsibly, apply stronger safeguards where needed, and reduce compliance risks across day-to-day HR activities. This foundation also makes it easier to understand how each PDPA principle applies in practical HR situations.<\/span><\/p>\n<h2 id=\"principle-1-the-general-principle-lawful-processing-and-the-mandate-of-consent\"><strong>Principle 1: The General Principle \u2013 Lawful Processing and the Mandate of Consent<\/strong><\/h2>\n<p>The General Principle is the foundation of the 7 principles of PDPA because it requires organizations to obtain consent before processing personal data, unless a specific legal exemption applies. In HR, processing covers nearly every activity involving employee data, including collecting, recording, storing, using, disclosing, and deleting it.<\/p>\n<h3><strong>The Mechanics of Obtaining Consent<\/strong><\/h3>\n<p>Consent must be given clearly, specifically, and with full understanding of how the data will be used. This means employers can no longer rely on implied consent or hide data processing clauses inside long employment contracts.
In HR, clear consent should be obtained from job applicants when they submit their resumes and from employees during onboarding, usually through a dedicated Personal Data Protection Consent Form that explains what data is collected and for what purpose.<\/p>\n<h3><strong>Managing Sensitive Personal Data<\/strong><\/h3>\n<p>Sensitive personal data requires stricter handling, which is why explicit consent is essential before it is processed. This applies to HR activities such as background checks that may reveal criminal records or pre-employment medical check-ups that disclose health conditions. In these cases, consent must come from a clear and deliberate action by the data subject, not from a pre-selected option or vague approval.<\/p>\n<h3><strong>Exceptions to the Consent Rule<\/strong><\/h3>\n<p>Although consent remains the primary rule, the General Principle also allows personal data to be processed without consent in specific situations related to business operations or compliance with other laws.
These exceptions include:<\/p>\n<ul>\n<li><strong>Performance of a Contract:<\/strong> Processing data necessary to fulfill the employment contract, such as using bank details to pay salaries.<\/li>\n<li><strong>Legal Obligations:<\/strong> Processing data to comply with statutory requirements, such as reporting income to tax authorities or contributing to mandatory provident funds.<\/li>\n<li><strong>Vital Interests:<\/strong> Processing data to protect the vital interests of the data subject, such as sharing medical information with emergency responders if an employee collapses at work.<\/li>\n<li><strong>Administration of Justice:<\/strong> Processing data required by a court order or legal proceeding.<\/li>\n<\/ul>\n<p>Despite these exceptions, organizations should still rely on transparent consent whenever possible and use these exceptions only when they are legally justified and truly necessary.<\/p>\n<h2 id=\"principle-2-the-notice-and-choice-principle-transparency-in-data-collection\"><strong>Principle 2: The Notice and Choice Principle \u2013 Transparency in Data Collection<\/strong><\/h2>\n<p>The Notice and Choice Principle helps organizations stay transparent when collecting and processing personal data. It requires employers to clearly inform employees and candidates about how their personal data is collected, used, and managed. This principle gives individuals better visibility over their personal information, so they understand what happens to their data instead of being left uncertain about its use.<\/p>\n<h3><strong>Anatomy of a Privacy Notice<\/strong><\/h3>\n<p>To comply with this principle, employers must provide a clear written Privacy Notice. In Malaysia, this notice should be made available in both Bahasa Malaysia and English. It should also be given before the data is collected, during collection, or as soon as reasonably possible after that.
A compliant Privacy Notice must clearly articulate several key pieces of information:<\/p>\n<ul>\n<li><strong>The Purpose of Collection:<\/strong> Why the data is being collected, such as for <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/payroll-process\/\">payroll processing<\/a>, performance evaluation, or employee benefits administration.<\/li>\n<li><strong>The Source of the Data:<\/strong> Where the data comes from, whether directly from the employee, from background check agencies, or from previous employers.<\/li>\n<li><strong>The Right to Access and Correct:<\/strong> A statement explaining that employees have the right to request access to their personal data and correct inaccurate information.<\/li>\n<li><strong>The Class of Third Parties:<\/strong> Who the data may be shared with, such as insurance providers, tax authorities, or outsourced payroll vendors.<\/li>\n<li><strong>Obligatory vs. Voluntary Data:<\/strong> A clear distinction between data the employee must provide due to legal or contractual requirements and data that is optional.<\/li>\n<li><strong>Consequences of Failing to Provide Data:<\/strong> What may happen if the employee does not provide required data, such as delays in salary processing or issues with benefit enrollment.<\/li>\n<li><strong>Contact Information:<\/strong> The contact details of the Data Protection Officer or the HR representative responsible for handling privacy-related questions.<\/li>\n<\/ul>\n<h3><strong>The Element of Choice<\/strong><\/h3>\n<p>The Choice aspect of this principle means employees must have the right to limit the use of their personal data for purposes that are not essential to the employment relationship.
For example, if a company intends to use an employee\u2019s photograph for marketing materials or public social media posts, the employee must be able to opt out without any effect on their role or employment status.<\/p>\n<h2 id=\"principle-3-the-disclosure-principle-controlling-the-flow-of-information\"><strong>Principle 3: The Disclosure Principle \u2013 Controlling the Flow of Information<\/strong><\/h2>\n<p>Once an organization collects personal data, it is responsible for making sure the information is not disclosed to the wrong party. Under the Disclosure Principle, personal data can only be shared for the purpose it was originally collected and only with the parties stated in the Privacy Notice.<\/p>\n<h3><strong>Internal Disclosures and the Need-to-Know Basis<\/strong><\/h3>\n<p>Even within the organization, access to employee data should be tightly controlled. Not everyone in HR or across the wider business needs access to all employee information. Data should only be shared based on job relevance, so each employee can access only what they need to perform their role.<\/p>\n<p>For example, a direct manager may need to review an employee\u2019s performance record, but not their banking details or medical information. This kind of internal access control is a key part of strong <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/pdpa-data-compliance\/\">PDPA data compliance<\/a>.<\/p>\n<h3><strong>Managing Third-Party Vendors<\/strong><\/h3>\n<p>Modern businesses often rely on third-party vendors to support key operations. In HR, this may include outsourced payroll providers, external recruiters, insurance brokers handling employee benefits, and cloud service providers used for data storage.
Each time employee data is shared with these parties, it counts as a disclosure.<\/p>\n<p>To comply with the Disclosure Principle, employers must ensure that:<\/p>\n<ol>\n<li>The categories of these third parties are clearly stated in the initial Privacy Notice.<\/li>\n<li>The third parties are contractually required to protect the data, usually through Data Processing Agreements (DPAs) or Non-Disclosure Agreements (NDAs) that hold them to the same data protection standards as the employer.<\/li>\n<li>The employer conducts due diligence before any transfer takes place, especially to confirm that the vendor has adequate security measures to protect sensitive employee data.<\/li>\n<\/ol>\n<h3><strong>Handling External Requests for Information<\/strong><\/h3>\n<p>HR departments often receive requests for employee information from external parties, such as banks verifying employment for loan applications or prospective employers requesting reference checks. Under the Disclosure Principle, this information should not be released without the employee\u2019s explicit written consent, even when the request appears routine or beneficial to the employee.<\/p>\n<h2 id=\"principle-4-security\"><strong>Principle 4: The Security Principle \u2013 Safeguarding Sensitive Information<\/strong><\/h2>\n<p>Data protection is closely tied to data security. Under the Security Principle, organizations must take practical steps to protect personal data from loss, misuse, unauthorized or accidental access or disclosure, alteration, and destruction during processing. This is a strict requirement, not a recommendation, which is why it requires a layered approach to security.<\/p>\n<h3><strong>Physical Security Measures<\/strong><\/h3>\n<p>Even in a digital work environment, physical records can still create serious data protection risks.
HR teams often keep hard-copy documents such as identification records, signed contracts, and medical reports, which means physical access must be controlled carefully. Physical security measures include:<\/p>\n<ul>\n<li>Storing physical files in locked cabinets inside secure rooms with controlled access.<\/li>\n<li>Applying clean desk policies so sensitive documents are not left exposed.<\/li>\n<li>Protecting office premises through access cards, visitor logs, and surveillance systems.<\/li>\n<li>Disposing of physical documents securely through professional shredding services instead of regular waste disposal.<\/li>\n<\/ul>\n<h3><strong>Technical Security Measures<\/strong><\/h3>\n<p>Since most HR data is stored digitally, technical safeguards play a central role in protecting personal data. Organizations need strong cybersecurity measures to protect HR systems, databases, and networks from external attacks and internal risks. Key technical measures include:<\/p>\n<ul>\n<li><strong>Encryption:<\/strong> Data should be encrypted both at rest and in transit to reduce the risk of unauthorized exposure.<\/li>\n<li><strong>Access Controls:<\/strong> Strong password policies, multi-factor authentication (MFA), and role-based access control (RBAC) help ensure that only authorized personnel can access or update the data.<\/li>\n<li><strong>Network Security:<\/strong> Firewalls, intrusion detection systems, and regular vulnerability scans help prevent unauthorized access.<\/li>\n<li><strong>System Updates:<\/strong> Operating systems, applications, and security tools should be updated and patched regularly to address known vulnerabilities.<\/li>\n<\/ul>\n<p>To manage these technical requirements more effectively, many organizations rely on digital systems with stronger security capabilities.
Using <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/best-hr-software-system\/\">the best HR software system<\/a> can support compliance with the Security Principle through features such as built-in security controls, access logging, and secure cloud infrastructure. This also helps reduce the burden on internal teams while keeping sensitive employee data better protected.<\/p>\n<h3><strong>Organizational Security Measures<\/strong><\/h3>\n<p>Technology alone cannot fully protect personal data, especially when human error remains one of the most common causes of data breaches. That is why organizational security measures must focus on how employees handle data and how the company responds when risks arise.<\/p>\n<p>This usually includes clear data security policies, regular privacy training for employees, and a well-defined incident response plan to address potential breaches quickly and effectively.<\/p>\n<h2 id=\"principle-5-retention\"><strong>Principle 5: The Retention Principle \u2013 Knowing When to Let Go<\/strong><\/h2>\n<p>A common mistake in data management is assuming personal data can be kept indefinitely once it has been collected. The Retention Principle does not allow this. Personal data should only be kept for as long as necessary to fulfill the purpose for which it was collected, after which it must be securely destroyed or anonymized.<\/p>\n<h3><strong>Navigating Statutory Retention Periods<\/strong><\/h3>\n<p>For HR departments, the challenge is balancing the Retention Principle with statutory requirements that require certain records to be kept for a fixed period. For example, employers may need to retain payroll and income tax records for at least seven years, while <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/what-is-hris-system\/\">employment contracts and disciplinary records<\/a> may also need to be kept for legal or dispute-related purposes.<\/p>\n<p>To manage this properly, organizations need a clear Data Retention Policy.
This policy should classify different types of HR data and set a retention period for each one based on legal obligations and business needs. Common categories include:<\/p>\n<ul>\n<li><strong>Unsuccessful Job Applicants:<\/strong> Resumes and interview notes should generally be deleted within six to twelve months, unless the candidate has explicitly agreed to let the company retain the data for future opportunities.<\/li>\n<li><strong>Current Employees:<\/strong> Most employee data is usually retained throughout the employment period.<\/li>\n<li><strong>Former Employees:<\/strong> Some records, such as tax and payroll data, should be kept for the required statutory period, while non-essential information such as dietary preferences or emergency contacts should be removed shortly after employment ends.<\/li>\n<\/ul>\n<h3><strong>The Process of Secure Destruction<\/strong><\/h3>\n<p>Once the retention period ends, the data must be disposed of securely. Simply moving digital files to the Recycle Bin or throwing paper records into regular trash is not enough and can create compliance risks under the PDPA. Physical documents should be cross-shredded or incinerated, while digital data should be permanently removed from active systems, backup servers, and disaster recovery environments using secure data wiping methods.<\/p>\n<h2 id=\"principle-6-integrity\"><strong>Principle 6: The Data Integrity Principle \u2013 Ensuring Accuracy and Relevance<\/strong><\/h2>\n<p>Making decisions based on <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/what-is-hris-system\/\">inaccurate employee data<\/a> can create serious operational problems and may also affect the individual involved.
Under the Data Integrity Principle, employers must take reasonable steps to make sure the personal data they hold stays accurate, complete, relevant, and up to date based on the purpose for which it was collected.<\/p>\n<h3><strong>The Burden of Accuracy<\/strong><\/h3>\n<p>In HR, inaccurate data can quickly lead to serious consequences. If an employee\u2019s bank details are wrong, <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/payroll-system\/\">salary payments may fail<\/a>. If an address is outdated, tax documents or insurance records could be sent to the wrong place, which may result in a data breach. If emergency contact details are not updated, the company may also struggle to reach the right person during a workplace incident.<\/p>\n<h3><strong>Strategies for Maintaining Data Integrity<\/strong><\/h3>\n<p>Maintaining data integrity is an ongoing process that requires both HR and employees to play an active role. Effective strategies include:<\/p>\n<ul>\n<li><strong>Data Validation at Entry:<\/strong> Using validation rules in digital forms to make sure information is entered in the correct format, such as checking whether an email address is valid or whether an identification number has the required number of digits.<\/li>\n<li><strong>Regular Data Audits:<\/strong> Reviewing HR records regularly to identify incomplete, outdated, or inaccurate information before it affects daily operations.<\/li>\n<li><strong>Employee Self-Service Portals:<\/strong> One of the most effective ways to maintain accurate data is by giving employees access to secure self-service portals, where they can update details such as a new address or phone number in real time.
This helps improve accuracy while also reducing the administrative workload for HR teams.<\/li>\n<\/ul>\n<p>Strong data integrity also supports companies that want to improve decision making through <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/workforce-analytics\/\">data-driven workforce planning and performance analysis<\/a>. When employee records are inaccurate, the insights used for forecasting, performance tracking, and long-term workforce planning become less reliable, which can weaken strategic decision making.<\/p>\n<h2 id=\"principle-7-access\"><strong>Principle 7: The Access Principle \u2013 Empowering Data Subjects<\/strong><\/h2>\n<p>The final pillar of the 7 principles of PDPA is the Access Principle. This principle gives individuals the right to access the personal data an organization holds about them and to request corrections if the data is inaccurate, incomplete, misleading, or outdated.<\/p>\n<h3><strong>Handling Subject Access Requests (SARs)<\/strong><\/h3>\n<p>When <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/human-capital-management-hcm\/\">current or former employees<\/a> want to view their personal data, they can submit a Subject Access Request (SAR). Employers are generally required to respond within a prescribed period, typically 21 days, and the information should be provided in a clear and understandable format.<\/p>\n<p>To handle SARs properly, HR should have a formal and standardized process in place.
This procedure should include steps for:<\/p>\n<ul>\n<li><strong>Verifying Identity:<\/strong> Confirming that the request comes from the actual data subject before any information is disclosed.<\/li>\n<li><strong>Locating the Data:<\/strong> Identifying the relevant <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/attendance-management-system\/\">records across HR systems<\/a>, email, archived files, and other data sources.<\/li>\n<li><strong>Reviewing and Redacting:<\/strong> Checking whether the requested records contain other individuals\u2019 personal data and removing that information before disclosure where necessary.<\/li>\n<li><strong><span id=\"of\">Providing the Data:<\/span><\/strong> Delivering the requested information securely to the data subject.<\/li>\n<\/ul>\n<div id=\"custom-quote\">\r\n    <div class=\"quote-body\">\r\n        <img decoding=\"async\" src=\"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2025\/12\/quote.webp\" alt=\"Quote Icon\" class=\"quote-icon\">\r\n        <div>\r\n            This article explains the 7 PDPA principles in a clear HR context, making it useful for businesses that need to manage employee data with stronger control, better compliance awareness, and more consistent governance as HR processes become increasingly digital.
<\/div>\r\n    <\/div>\r\n    <p class=\"quote-author-wrapper\">\r\n        <em>Cynthia Laura, Regional Manager<\/em>\r\n    <\/p>\r\n<\/div>\n<h2 id=\"consequences\"><strong>The Severe Consequences of Non-Compliance<\/strong><\/h2>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-18295 size-full\" src=\"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256.webp\" alt=\"The Severe Consequences of Non-Compliance\" width=\"800\" height=\"443\" srcset=\"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256.webp 800w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256-300x166.webp 300w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256-768x425.webp 768w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256-758x420.webp 758w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256-150x83.webp 150w, https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/The-Severe-Consequences-of-Non-Compliance-e1775632202256-696x385.webp 696w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p>Treating the 7 principles of PDPA as optional rather than mandatory legal requirements can expose an organization to serious consequences. 
As data protection enforcement becomes stricter, the cost of non-compliance can extend beyond regulatory penalties to <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/internal-control-procedures\/\">broader business risk<\/a>.<\/p>\n<h3><strong>Financial and Legal Repercussions<\/strong><\/h3>\n<p>In jurisdictions that enforce the PDPA, breaches can lead to significant financial penalties.
Organizations may face substantial fines for each violation, and the liability may not stop at the company level. Directors, chief executive officers, managers, and other corporate officers can also be held personally accountable, which may result in personal fines or imprisonment depending on the severity of the breach.<\/p>\n<h3><strong>Reputational Damage and Loss of Trust<\/strong><\/h3>\n<p>The impact of non-compliance is not limited to legal and financial exposure. A data breach or public compliance failure can also damage the organization\u2019s reputation, weaken stakeholder confidence, and reduce <a href=\"https:\/\/www.hashmicro.com\/my\/blog\/employee-engagement\/\">employee trust in how personal data is handled<\/a>.<\/p>\n<p>To support stronger employee data management in practice, it also helps to compare HR software pricing before choosing the right solution.<\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>Understanding the 7 PDPA principles is not only about staying compliant with legal requirements, but also about managing employee data with greater care and accountability. In HR, where personal and sensitive information is handled every day, these principles help businesses build clearer processes for consent, access, disclosure, retention, and security.<\/p>\n<p>When applied consistently, the principles do more than reduce the risk of penalties or data breaches. They also support stronger corporate governance, protect confidential employee information more effectively, and reinforce trust in how the organization manages data across the employment lifecycle.<\/p>\n<p>As HR operations become more digital, this is a good time for businesses to review whether their current practices still align with PDPA expectations and the level of protection employees now expect.
For companies that want to explore this more carefully, <a href=\"https:\/\/www.hashmicro.com\/my\/free-product-demo\/?medium=web-form-header\">a free consultation<\/a> can be a practical way to discuss current challenges, identify possible gaps, and see what improvements may be worth prioritizing.<\/p>\n<h2><strong>Frequently Asked Questions About PDPA in HR<\/strong><\/h2>\n<ul class=\"bottom_faq\">\n<li>\n<details>\n<summary><strong>Does every company in Malaysia need to appoint a Data Protection Officer?<\/strong><\/summary>\n<p>Not every company was historically required to do so, but Malaysia\u2019s recent PDPA amendments and related guidance have made DPO appointment a more practical compliance consideration for many businesses. For organizations handling significant employee data, this is increasingly becoming an important governance issue.<\/p>\n<\/details>\n<\/li>\n<li>\n<details>\n<summary><strong>What should a company do first if an employee data breach happens?<\/strong><\/summary>\n<p>The first step is to contain the incident, assess what personal data was affected, and activate an internal response process immediately. This is especially important as Malaysia\u2019s evolving PDPA framework places greater attention on breach response and notification readiness.<\/p>\n<\/details>\n<\/li>\n<li>\n<details>\n<summary><strong>Can employee data be transferred outside Malaysia?<\/strong><\/summary>\n<p>Cross border transfers can still happen, but companies should not treat them as routine administrative work. Businesses need to review whether their HR systems, cloud vendors, and regional workflows apply the right safeguards before employee data is transferred outside Malaysia.<\/p>\n<\/details>\n<\/li>\n<li>\n<details>\n<summary><strong>Does PDPA affect employee monitoring and automated HR decisions?<\/strong><\/summary>\n<p>Yes. 
Employee monitoring, profiling, and automated HR decisions are becoming more important under Malaysia\u2019s evolving PDPA landscape, especially when technology is used for performance tracking, screening, or workforce analysis. Companies should review these activities carefully to ensure transparency, fairness, and proper internal controls.<\/p>\n<\/details>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>As HR processes become more digital, managing employee data is no longer just an administrative task. Payroll details, medical records, performance reviews, and other sensitive information now move faster across systems, which means the risk of misuse, unauthorized access, or poor handling can also increase if the right safeguards are not in place. For businesses, [&hellip;]<\/p>\n","protected":false},"author":33,"featured_media":18305,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[222],"tags":[],"class_list":{"0":"post-18264","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-hr"},"acf":[],"yoast_head_json":{"title":"7 PDPA Principles for HR Data Protection (2026)","description":"Managing employee data without clear PDPA guidance raises risk. Explore the 7 PDPA principles in HR (2026) and apply them with confidence.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/","og_locale":"en_US","og_type":"article","og_title":"7 PDPA Principles for Protecting Employee Data in HR","og_description":"Managing employee data without clear PDPA guidance raises risk. Explore the 7 PDPA principles in HR (2026) and apply them with confidence.","og_url":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/","og_site_name":"HashMicro Malaysia","article_published_time":"2026-04-08T07:52:02+00:00","article_modified_time":"2026-04-08T07:55:52+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/7-principles-of-pdpa.webp","type":"image\/webp"}],"author":"Muhammad Iqbal","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Muhammad Iqbal","Est. 
reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#article","isPartOf":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/"},"author":{"name":"Muhammad Iqbal","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#\/schema\/person\/b24b5f30d01a2465924ea6b32dc66e15"},"headline":"7 PDPA Principles for Protecting Employee Data in HR","datePublished":"2026-04-08T07:52:02+00:00","dateModified":"2026-04-08T07:55:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/"},"wordCount":3306,"commentCount":0,"publisher":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/#organization"},"image":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/7-principles-of-pdpa.webp","articleSection":["HR"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/","url":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/","name":"7 PDPA Principles for HR Data Protection (2026)","isPartOf":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#primaryimage"},"image":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#primaryimage"},"thumbnailUrl":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/7-principles-of-pdpa.webp","datePublished":"2026-04-08T07:52:02+00:00","dateModified":"2026-04-08T07:55:52+00:00","description":"Managing employee data without clear PDPA guidance raises risk. 
Explore the 7 PDPA principles in HR (2026) and apply them with confidence.","breadcrumb":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#primaryimage","url":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/7-principles-of-pdpa.webp","contentUrl":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2026\/04\/7-principles-of-pdpa.webp","width":800,"height":450,"caption":"7 principles of pdpa"},{"@type":"BreadcrumbList","@id":"https:\/\/www.hashmicro.com\/my\/blog\/7-principles-of-pdpa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.hashmicro.com\/my\/blog\/"},{"@type":"ListItem","position":2,"name":"7 PDPA Principles for Protecting Employee Data in HR"}]},{"@type":"WebSite","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#website","url":"https:\/\/www.hashmicro.com\/my\/blog\/","name":"HashMicro Malaysia","description":"","publisher":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.hashmicro.com\/my\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#organization","name":"HashMicro 
Malaysia","url":"https:\/\/www.hashmicro.com\/my\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2025\/09\/logo.webp","contentUrl":"https:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2025\/09\/logo.webp","width":422,"height":255,"caption":"HashMicro Malaysia"},"image":{"@id":"https:\/\/www.hashmicro.com\/my\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#\/schema\/person\/b24b5f30d01a2465924ea6b32dc66e15","name":"Muhammad Iqbal","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.hashmicro.com\/my\/blog\/#\/schema\/person\/image\/","url":"http:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2025\/10\/Muhammad-Iqbal-96x96.webp","contentUrl":"http:\/\/www.hashmicro.com\/my\/blog\/wp-content\/uploads\/2025\/10\/Muhammad-Iqbal-96x96.webp","caption":"Muhammad Iqbal"},"description":"Muhammad Iqbal writes comprehensive articles on human resource management topics such as talent acquisition, employee engagement, and HR technologies. He addresses both strategic and operational aspects of HR to cater to a wide range of readers. 
His content reflects current trends and solutions in workforce management.","url":"https:\/\/www.hashmicro.com\/my\/blog\/author\/muhammad-iqbal\/"}]}},"order_j":"","_links":{"self":[{"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/posts\/18264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/comments?post=18264"}],"version-history":[{"count":9,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/posts\/18264\/revisions"}],"predecessor-version":[{"id":18278,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/posts\/18264\/revisions\/18278"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/media\/18305"}],"wp:attachment":[{"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/media?parent=18264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/categories?post=18264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hashmicro.com\/my\/blog\/wp-json\/wp\/v2\/tags?post=18264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}